git.kaiwu.me - nginx.git/commit

author	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 15 Mar 2012 11:41:43 +0000 (11:41 +0000)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 15 Mar 2012 11:41:43 +0000 (11:41 +0000)
commit	44eade9c1df4ef009d9fcd7721d8e4c34370ca1d
tree	8be1916c9f4d828004ce934a83d0d97207cd327a	tree \| snapshot
parent	6dbc33f8317e2a7a9596351f48f7914b5450779b	commit \| diff

Merge of r4530, r4531: null character fixes.

*) Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header().

   This resulted in a disclosure of previously freed memory if upstream
   server returned specially crafted response, potentially exposing
   sensitive information.

   Reported by Matthew Daley.

*) Headers with null character are now rejected.

   Headers with NUL character aren't allowed by HTTP standard and may cause
   various security problems.  They are now unconditionally rejected.

src/http/modules/ngx_http_fastcgi_module.c		diff \| blob \| history
src/http/modules/ngx_http_proxy_module.c		diff \| blob \| history
src/http/modules/ngx_http_scgi_module.c		diff \| blob \| history
src/http/modules/ngx_http_uwsgi_module.c		diff \| blob \| history
src/http/ngx_http_parse.c		diff \| blob \| history