> As already noted off-list, this is certainly not the only field
> which might be not yet set when
> ngx_http_alloc_large_header_buffer() is called. From the patch
> context as shown, at least r->method_end and r->uri_start might
> not be set as well, leading to similar overflows. And certainly
> there are other fields as well.

Agreed, there is a clear pattern in this case. I have updated the patch to test other cases as well. Also, I've created a separate patch to remove r->port_start, which is actually unused and looks like a remnant of old refactoring.