commit | 9701642af39efeb06a119f62bc0255db0a0f0a0f | [log] [tgz] |
---|---|---|
author | Sergey Kandaurov <pluknet@nginx.com> | Tue Sep 03 17:26:56 2019 +0300 |
committer | Sergey Kandaurov <pluknet@nginx.com> | Tue Sep 03 17:26:56 2019 +0300 |
tree | 21a7e00b9548d030ed7bc476a62837229294b83b | |
parent | 79279b6a61e8685e6d3e030768620665e32cb296 [diff] |
Detect runaway chunks in ngx_http_parse_chunked(). As defined in HTTP/1.1, body chunks have the following ABNF: chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF where chunk-data is a sequence of chunk-size octets. With this change, chunk-data that doesn't end up with CRLF at chunk-size offset will be treated as invalid, such as in the example provided below: 4 SEE-THIS-AND- 4 THAT 0