[PATCH] ngx_http_parse_chunked might request wrong number of bytes
mdounin at mdounin.ru
Fri Jun 28 10:24:45 UTC 2013
On Thu, Jun 27, 2013 at 11:20:56PM +0400, Dmitry Popov wrote:
> Consider a case when we've just read chunk size (but nothing else):
> case sw_chunk_size:
> ctx->length = 2 /* LF LF */
> + (ctx->size ? ctx->size + 4 /* LF "0" LF LF */ : 0);
> ctx->length will be equal to 6 + ctx->size, but actually we need 5 + ctx->size
> bytes: LF <data> LF 0 LF LF. It may lead to a deadlock (peer waits for a
> response from us while we wait for that last byte).
> * IIRC, RFC states that CRLF should be used after chunk size, not LF, so it's
> not so critical, but I think it should be fixed anyway.
Thanks, patch committed (with minor changes).
More information about the nginx-devel