[nginx] Request body: avoid potential overflow.

Maxim Dounin mdounin at mdounin.ru
Tue Mar 4 15:18:35 UTC 2014


details:   http://hg.nginx.org/nginx/rev/8a2261c59f3b
branches:  stable-1.4
changeset: 5595:8a2261c59f3b
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Mon Mar 03 17:39:53 2014 +0400
description:
Request body: avoid potential overflow.

diffstat:

 src/http/ngx_http_request_body.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (21 lines):

diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c
--- a/src/http/ngx_http_request_body.c
+++ b/src/http/ngx_http_request_body.c
@@ -953,13 +953,13 @@ ngx_http_request_body_chunked_filter(ngx
 
                 if (clcf->client_max_body_size
                     && clcf->client_max_body_size
-                       < r->headers_in.content_length_n + rb->chunked->size)
+                       - r->headers_in.content_length_n < rb->chunked->size)
                 {
                     ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                                   "client intended to send too large chunked "
-                                  "body: %O bytes",
-                                  r->headers_in.content_length_n
-                                  + rb->chunked->size);
+                                  "body: %O+%O bytes",
+                                  r->headers_in.content_length_n,
+                                  rb->chunked->size);
 
                     r->lingering_close = 1;
 



More information about the nginx-devel mailing list