From 9129fb3db9e2f9899161e9573e7a19c774a0df6a Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Tue, 17 Nov 2020 20:54:10 +0000 Subject: HTTP/3: null-terminate empty header value. Header value returned from the HTTP parser is expected to be null-terminated or have a spare byte after the value bytes. When an empty header value was passed by client in a literal header representation, neither was true. This could result in segfault. The fix is to assign a literal empty null-terminated string in this case. Thanks to Andrey Kolyshkin. --- src/http/v3/ngx_http_v3_parse.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/http/v3/ngx_http_v3_parse.c') diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c index d5ff3cb8f..afe442464 100644 --- a/src/http/v3/ngx_http_v3_parse.c +++ b/src/http/v3/ngx_http_v3_parse.c @@ -746,6 +746,7 @@ ngx_http_v3_parse_header_l(ngx_connection_t *c, st->literal.length = st->pint.value; if (st->literal.length == 0) { + st->value.data = (u_char *) ""; goto done; } -- cgit