Mercurial > hg > nginx

changeset 7562:52b5ee64fe11

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Detect runaway chunks in ngx_http_parse_chunked(). As defined in HTTP/1.1, body chunks have the following ABNF: chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF where chunk-data is a sequence of chunk-size octets. With this change, chunk-data that doesn't end up with CRLF at chunk-size offset will be treated as invalid, such as in the example provided below: 4 SEE-THIS-AND- 4 THAT 0
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 03 Sep 2019 17:26:56 +0300
parents 9f1f9d6e056a
children a7e8f953408e
files src/http/ngx_http_parse.c
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -2268,6 +2268,9 @@ ngx_http_parse_chunked(ngx_http_request_
                 break;
             case LF:
                 state = sw_chunk_start;
+                break;
+            default:
+                goto invalid;
             }
             break;