github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bugfix: missing string terminator while mounting the charset (nginx)

Browse Source 
The charset in headers is mounted using ngx_snprintf which
does not place the string terminator. This patch adds the
terminator at the end of the string. The size was correctly
allocated, just missing the terminator.

This bug was report at:
- https://www.modsecurity.org/tracker/browse/MODSEC-420
- https://github.com/SpiderLabs/ModSecurity/issues/142

Both reports cames with patch, first by Veli Pekka Jutila and
second by wellumies.
This commit is contained in:
Felipe Zimmerle
2013-09-30 21:56:57 -03:00
parent 786773189a
commit ff19dcd5c5
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nginx/modsecurity/ngx_http_modsecurity.c
View File

@@ -615,7 +615,7 @@ ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r)
}
ngx_snprintf(content_type, content_type_len,
"%V; charset=%V",
"%V; charset=%V\0",
&r->headers_out.content_type,
&r->headers_out.charset);