From b788ce260805f43a103439de30ae9c966bfd9d73 Mon Sep 17 00:00:00 2001
From: ahuango <ahuango@gmail.com>
Date: Thu, 12 Dec 2013 14:22:30 +0800
Subject: [PATCH] Clean the garbage character after the duplicated charset
 property

Pull request #148 by zimmerle doesn't fix the problem. '\0' in format
string won't be processed by "ngx_vslprintf".
When the garbage character is '\n' or '\r', http response is cracked and
browsers may go crashing.
---
 nginx/modsecurity/ngx_http_modsecurity.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c
index b6b78e4e..8e8b8bc8 100644
--- a/nginx/modsecurity/ngx_http_modsecurity.c
+++ b/nginx/modsecurity/ngx_http_modsecurity.c
@@ -615,7 +615,7 @@ ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r)
         }
 
         ngx_snprintf(content_type, content_type_len,
-                     "%V; charset=%V\0",
+                     "%V; charset=%V%Z",
                      &r->headers_out.content_type,
                      &r->headers_out.charset);