[PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok

agentzh agentzh at gmail.com
Thu Dec 22 03:19:00 UTC 2011


Hello!

Attached is a patch for ngx_http_core_module (of the Nginx 1.0.10
core) to fix an invalid memory read bug captured by the valgrind
memcheck tool on my side.

When the Accept-Encoding request header takes the exact "gzip" value,
the ngx_http_gzip_ok function might run out of the memory block by 1
byte when calling ngx_memcmp to compare exactly 5 bytes of data.

Hopefully this patch can be applied to the mainstream nginx :)

Thanks!
-agentzh

--- nginx-1.0.10/src/http/ngx_http_core_module.c	2011-11-01
21:45:33.000000000 +0800
+++ nginx-1.0.10-patched/src/http/ngx_http_core_module.c	2011-12-22
11:08:02.546297974 +0800
@@ -2070,7 +2070,7 @@
      *   Opera:   "gzip, deflate"
      */

-    if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0
+    if (ngx_memcmp(ae->value.data, "gzip,", ngx_min(ae->value.len, 5)) != 0
         && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK)
     {
         return NGX_DECLINED;
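
Review bot: bounding the length with ngx_min(ae->value.len, 5) in the changed ngx_memcmp call turns the comparison into a prefix match for any value shorter than 5 bytes, so it does more than stop the 1-byte over-read for "gzip". A value such as "gz" compares equal to the first two bytes of "gzip,", and a zero-length value compares equal trivially, so in both cases the left side of the && is false, ngx_http_gzip_accept_encoding is never consulted, and NGX_DECLINED is not returned. Unless a check outside this hunk already rejects short values, consider keeping the 5-byte compare only when the data is long enough, for example (ae->value.len < 5 || ngx_memcmp(ae->value.data, "gzip,", 5) != 0), so that short values, including the exact "gzip", fall through to ngx_http_gzip_accept_encoding for the decision. A short comment next to the condition stating that ae->value is not NUL-terminated would also explain why the length guard is needed.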