[PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok

agentzh agentzh at gmail.com
Thu Dec 22 13:37:46 UTC 2011


On Thu, Dec 22, 2011 at 9:21 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> As I already said more than once, I don't think we should.  If
> it's needed - it means something else needs fixing.  We do support
> arbitrary modification of headers passed to upstream servers, and
> this should be enough.
>
> But, actually, nobody stops you from adding headers correctly,
> i.e. null-terminated.
>

Creating null-terminated buffers ourselves often means extra memory
allocations and data copying because ngx_str_t does not require a C
string at all ;)

Is it really so hard to just add a dead simple check there? ;) It does
not break the current behavior of the Nginx core at all. If there's
any other issues as you've mentioned, I'm very willing to help
preparing patches :)

Best,
-agentzh



More information about the nginx-devel mailing list