)]}'
{
  "commit": "142437da1adb5aced816e099a581cb9e927d479c",
  "tree": "7571132be835bb194a80b5b42ae9c81a529955a0",
  "parents": [
    "f878c05185231c59caafb0131ad717f44b7d54eb"
  ],
  "author": {
    "name": "Valentin Bartenev",
    "email": "vbart@nginx.com",
    "time": "Wed Feb 24 16:01:23 2016 +0300"
  },
  "committer": {
    "name": "Valentin Bartenev",
    "email": "vbart@nginx.com",
    "time": "Wed Feb 24 16:01:23 2016 +0300"
  },
  "message": "Fixed buffer over-read while logging invalid request headers.\n\nSince 667aaf61a778 (1.1.17) the ngx_http_parse_header_line() function can return\nNGX_HTTP_PARSE_INVALID_HEADER when a header contains NUL character.  In this\ncase the r-\u003eheader_end pointer isn\u0027t properly initialized, but the log message\nin ngx_http_process_request_headers() hasn\u0027t been adjusted.  It used the pointer\nin size calculation, which might result in up to 2k buffer over-read.\n\nFound with afl-fuzz.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "99e9325099cd1a969120870018aaa3a948015c0f",
      "old_mode": 33188,
      "old_path": "src/http/ngx_http_request.c",
      "new_id": "5a39c118afd1347488955f80216d11d2c0ac1408",
      "new_mode": 33188,
      "new_path": "src/http/ngx_http_request.c"
    }
  ]
}