github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Clean the garbage character after the duplicated charset property

Browse Source 
Pull request #148 by zimmerle doesn't fix the problem. '\0' in format
string won't be processed by "ngx_vslprintf".
When the garbage character is '\n' or '\r', http response is cracked and
browsers may go crashing.
This commit is contained in:
ahuango 2013-12-12 14:22:30 +08:00 committed by Felipe Zimmerle
parent 74ec784005
commit b788ce2608
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nginx/modsecurity/ngx_http_modsecurity.c
View File

@ -615,7 +615,7 @@ ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r)
} }
ngx_snprintf(content_type, content_type_len, ngx_snprintf(content_type, content_type_len,
"%V; charset=%V\0", "%V; charset=%V%Z",
&r->headers_out.content_type, &r->headers_out.content_type,
&r->headers_out.charset); &r->headers_out.charset);