[nginx] SPDY: added protection from overrun of the receive buffer.

Valentin Bartenev vbart at nginx.com
Thu May 15 15:25:57 UTC 2014


details:   http://hg.nginx.org/nginx/rev/19a14a484707
branches:  
changeset: 5696:19a14a484707
user:      Valentin Bartenev <vbart at nginx.com>
date:      Wed Apr 30 20:34:20 2014 +0400
description:
SPDY: added protection from overrun of the receive buffer.

diffstat:

 src/http/ngx_http_spdy.c |  8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diffs (18 lines):

diff -r 231588611230 -r 19a14a484707 src/http/ngx_http_spdy.c
--- a/src/http/ngx_http_spdy.c	Wed Apr 30 20:34:20 2014 +0400
+++ b/src/http/ngx_http_spdy.c	Wed Apr 30 20:34:20 2014 +0400
@@ -1921,6 +1921,14 @@ ngx_http_spdy_state_complete(ngx_http_sp
     ngx_log_debug2(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,
                    "spdy frame complete pos:%p end:%p", pos, end);
 
+    if (pos > end) {
+        ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
+                      "receive buffer overrun");
+
+        ngx_debug_point();
+        return ngx_http_spdy_state_internal_error(sc);
+    }
+
     sc->handler = ngx_http_spdy_state_head;
     sc->stream = NULL;
 



More information about the nginx-devel mailing list