Commit c01481a4cb5c79e65bd259da6ad33a1eb95cc352 - nginx

Fixed possible buffer overrun in "too long header line" logging. Additionally, ellipsis now always added to make it clear that the header logged is incomplete. Reported by Daniil Bondarev. Maxim Dounin 6 years ago

1 changed file(s) with 2 addition(s) and 3 deletion(s). Raw diff Collapse all Expand all

-3

src/http/ngx_http_request.c less more

1226	1226
1227	1227	if (len > NGX_MAX_ERROR_STR - 300) {
1228	1228	len = NGX_MAX_ERROR_STR - 300;
1229		p[len++] = '.'; p[len++] = '.'; p[len++] = '.';
1230	1229	}
1231	1230
1232	1231	ngx_log_error(NGX_LOG_INFO, c->log, 0,
1233		"client sent too long header line: \"%*s\"",
1234		len, r->header_name_start);
	1232	"client sent too long header line: \"%*s...\"",
	1233	len, r->header_name_start);
1235	1234
1236	1235	ngx_http_finalize_request(r,
1237	1236	NGX_HTTP_REQUEST_HEADER_TOO_LARGE);