[nginx] SPDY: added protection from overrun of the receive buffer.
Valentin Bartenev
vbart at nginx.com
Thu May 15 15:25:57 UTC 2014
details: http://hg.nginx.org/nginx/rev/19a14a484707
branches:
changeset: 5696:19a14a484707
user: Valentin Bartenev <vbart at nginx.com>
date: Wed Apr 30 20:34:20 2014 +0400
description:
SPDY: added protection from overrun of the receive buffer.
diffstat:
src/http/ngx_http_spdy.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diffs (18 lines):
diff -r 231588611230 -r 19a14a484707 src/http/ngx_http_spdy.c
--- a/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400
+++ b/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400
@@ -1921,6 +1921,14 @@ ngx_http_spdy_state_complete(ngx_http_sp
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,
"spdy frame complete pos:%p end:%p", pos, end);
+ if (pos > end) {
+ ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
+ "receive buffer overrun");
+
+ ngx_debug_point();
+ return ngx_http_spdy_state_internal_error(sc);
+ }
+
sc->handler = ngx_http_spdy_state_head;
sc->stream = NULL;
More information about the nginx-devel
mailing list