fix segfault if there is single large_client_header_buffers
authorIgor Sysoev <igor@sysoev.ru>
Tue, 3 Nov 2009 18:12:20 +0000 (18:12 +0000)
committerIgor Sysoev <igor@sysoev.ru>
Tue, 3 Nov 2009 18:12:20 +0000 (18:12 +0000)
and a request line fills it completely

src/http/ngx_http_request.c

index a0c4ea3b8f13942fbe057005ef02fecaab41941a..56eee2643e8a4ca51d390e3a594b2b5e44f2261a 100644 (file)
@@ -954,9 +954,17 @@ ngx_http_process_request_headers(ngx_event_t *rev)
                 }
 
                 if (rv == NGX_DECLINED) {
-                    len = r->header_in->end - r->header_name_start;
                     p = r->header_name_start;
 
+                    if (p == NULL) {
+                        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                                      "client sent too large request");
+                        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+                        return;
+                    }
+
+                    len = r->header_in->end - p;
+
                     if (len > NGX_MAX_ERROR_STR - 300) {
                         len = NGX_MAX_ERROR_STR - 300;
                         p[len++] = '.'; p[len++] = '.'; p[len++] = '.';
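Review bot: The new `if (p == NULL)` guard has no comment explaining why `r->header_name_start` can still be unset when `rv == NGX_DECLINED`. The condition is not obvious from the code, and per the commit title the crash it prevents is triggered by what the client sends. Going by the commit message, a comment above the check such as `/* the request line alone filled the single large header buffer, so no header name has been started yet */` would record the case for the next maintainer. The body of ngx_http_process_request_headers starts and ends outside this hunk, so whether the non-NULL path reports the same status and log level cannot be confirmed from here.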