[PATCH] Ignore response header entries with zero hash in ngx_http_variable_headers

agentzh agentzh at gmail.com
Wed Nov 9 09:49:51 UTC 2011


On Sat, Oct 1, 2011 at 2:08 AM, agentzh <agentzh at gmail.com> wrote:
>
> Thank you for the review. I've already updated the patch per your
> suggestion and tested on my side :)
>

Markus Linnala has found a memory overflow issue in my previous patch.
Attached is an updated one for nginx 1.0.9.

Thanks!
-agentzh

--- nginx-1.0.9/src/http/ngx_http_variables.c	2011-05-30
20:36:17.000000000 +0800
+++ nginx-1.0.9-patched/src/http/ngx_http_variables.c	2011-11-08
22:21:55.229247198 +0800
@@ -648,7 +648,17 @@

     a = (ngx_array_t *) ((char *) r + data);

-    n = a->nelts;
+    h = a->elts;
+    n = 0;
+
+    for (i = 0; i < a->nelts; i++) {
+
+        if (h[i]->hash == 0) {
+            continue;
+        }
+
+        n++;
+    }

     if (n == 0) {
         v->not_found = 1;
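Review bot: The new counting loop skips entries on `h[i]->hash == 0` without a comment saying what a zero hash means. A one-line comment above the `if` (per the subject, these are header entries to be ignored) would help, because the same test is repeated in the later hunks and a reader has to infer that `n` now counts the entries that are kept rather than `a->nelts`.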
@@ -659,9 +669,7 @@
     v->no_cacheable = 0;
     v->not_found = 0;

-    h = a->elts;
-
-    if (n == 1) {
+    if (n == 1 && a->nelts == 1) {
         v->len = (*h)->value.len;
         v->data = (*h)->value.data;

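Review bot: With `if (n == 1 && a->nelts == 1)`, an array that holds one entry with a non-zero hash plus one or more zero-hash entries no longer takes the direct-pointer path and falls through to the concatenation code below. The result should be the same, but it costs a copy for a single value; if that matters, locate the one entry with a non-zero hash and set `v->len` and `v->data` from it instead of requiring `a->nelts == 1`. If the fall-through is deliberate for simplicity, a short comment here would say so.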
@@ -670,7 +678,12 @@

     len = - (ssize_t) (sizeof("; ") - 1);

-    for (i = 0; i < n; i++) {
+    for (i = 0; i < a->nelts; i++) {
+
+        if (h[i]->hash == 0) {
+            continue;
+        }
+
         len += h[i]->value.len + sizeof("; ") - 1;
     }

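Review bot: This length loop walks the array with the same `h[i]->hash == 0` filter as the counting loop added in the first hunk, so `n` and `len` could be computed in a single pass. Two passes are harmless, but merging them leaves one fewer copy of the filter that could later drift out of step with the copy loop.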
@@ -683,9 +696,14 @@
     v->data = p;

     for (i = 0; /* void */ ; i++) {
+
+        if (h[i]->hash == 0) {
+            continue;
+        }
+
         p = ngx_copy(p, h[i]->value.data, h[i]->value.len);

-        if (i == n - 1) {
+        if (--n == 0) {
             break;
         }

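Review bot: The copy loop `for (i = 0; /* void */ ; i++)` still has no bound on `i`, and after this change it terminates only through `if (--n == 0)`, so it is safe only while `n` equals the number of non-zero-hash entries in the same array. Since the cover note says the previous version of the patch had a memory overflow, consider making the loop condition `i < a->nelts` so that a miscount cannot index past the end of `a->elts`; the `--n == 0` break can stay as it is.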
@@ -738,6 +756,10 @@
             i = 0;
         }

+        if (header[i].hash == 0) {
+            continue;
+        }
+
         for (n = 0; n + prefix < var->len && n < header[i].key.len; n++) {
             ch = header[i].key.data[n];
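Review bot: The `continue` under `if (header[i].hash == 0)` relies on the enclosing loop advancing `i` in its own increment step, which is outside the lines shown in this hunk; please confirm that, because otherwise the same entry would be tested repeatedly. Placing the check after the block that ends with `i = 0;` looks right, since `header[i]` is read only once the index has been reset there.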
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-1.0.9-variable_header_ignore_no_hash.patch
Type: application/octet-stream
Size: 1499 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20111109/a9a1338d/attachment.obj>

