Prevent buffer overrun on NGX_HTTP_REQUEST_HEADER_TOO_LARGE
Bondarev, Daniil
bondarev at amazon.com
Tue Oct 7 19:11:24 UTC 2014
Hey Maxim,
> On the other hand, looking into this more closely, I tend to think
> that ellipsis should be always added to make it clear that the
> header logged is incomplete.
Agree, good point!
Patch looks good to me, only note - you can reduce amount of lines by ngx_min,
if you wish:
diff -r 6bbad2e73245 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Wed Aug 27 20:51:01 2014 +0400
+++ b/src/http/ngx_http_request.c Tue Oct 07 12:06:36 2014 -0700
@@ -1223,15 +1223,11 @@
return;
}
- len = r->header_in->end - p;
-
- if (len > NGX_MAX_ERROR_STR - 300) {
- len = NGX_MAX_ERROR_STR - 300;
- p[len++] = '.'; p[len++] = '.'; p[len++] = '.';
- }
+ len = ngx_min(r->header_in->end - p,
+ NGX_MAX_ERROR_STR - 300);
ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent too long header line: \"%*s\"",
+ "client sent too long header line: \"%*s...\"",
len, r->header_name_start);
ngx_http_finalize_request(r,
Thanks!
Daniil
More information about the nginx-devel
mailing list