From 6d7ec5009a585fbbfa01a1b02fe7116957bcf5f0 Mon Sep 17 00:00:00 2001
From: Valentin Bartenev <vbart@nginx.com>
Date: Thu, 29 Aug 2013 22:35:54 +0400
Subject: Referer: fixed hostname buffer overflow check.

Because of premature check the effective buffer size was 255 symbols
while the buffer is able to handle 256.
---
 src/http/modules/ngx_http_referer_module.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/http/modules')

diff --git a/src/http/modules/ngx_http_referer_module.c b/src/http/modules/ngx_http_referer_module.c
index a51176713..b417eb227 100644
--- a/src/http/modules/ngx_http_referer_module.c
+++ b/src/http/modules/ngx_http_referer_module.c
@@ -178,12 +178,12 @@ valid_scheme:
             break;
         }
 
-        buf[i] = ngx_tolower(*p);
-        key = ngx_hash(key, buf[i++]);
-
         if (i == 256) {
             goto invalid;
         }
+
+        buf[i] = ngx_tolower(*p);
+        key = ngx_hash(key, buf[i++]);
     }
 
     uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref);
-- 
cgit