[PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok
agentzh
agentzh at gmail.com
Thu Dec 22 13:37:46 UTC 2011
On Thu, Dec 22, 2011 at 9:21 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> As I already said more than once, I don't think we should. If
> it's needed - it means something else needs fixing. We do support
> arbitrary modification of headers passed to upstream servers, and
> this should be enough.
>
> But, actually, nobody stops you from adding headers correctly,
> i.e. null-terminated.
>
Creating null-terminated buffers ourselves often means extra memory
allocations and data copying because ngx_str_t does not require a C
string at all ;)
Is it really so hard to just add a dead simple check there? ;) It does
not break the current behavior of the Nginx core at all. If there's
any other issues as you've mentioned, I'm very willing to help
preparing patches :)
Best,
-agentzh
More information about the nginx-devel
mailing list