From e915844d64899e23511792fd3f7e515beb268609 Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Wed, 4 Feb 2026 08:52:24 +0100
Subject: [PATCH] Do not include zero byte in output headers ngx_str_t is not null terminated
---
 src/ngx_http_modsecurity_header_filter.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c
index 03b8764..48e7f9d 100644
--- a/src/ngx_http_modsecurity_header_filter.c
+++ b/src/ngx_http_modsecurity_header_filter.c
@@ -157,10 +157,10 @@ ngx_http_modsecurity_resolv_header_server(ngx_http_request_t *r, ngx_str_t name,
 if (r->headers_out.server == NULL) {
 if (clcf->server_tokens) {
 value.data = (u_char *)ngx_http_server_full_string;
- value.len = sizeof(ngx_http_server_full_string);
+ value.len = sizeof(ngx_http_server_full_string) - 1;
 } else {
 value.data = (u_char *)ngx_http_server_string;
- value.len = sizeof(ngx_http_server_string);
+ value.len = sizeof(ngx_http_server_string) - 1;
 }
 } else {
 ngx_table_elt_t *h = r->headers_out.server;
@@ -214,15 +214,14 @@ ngx_http_modsecurity_resolv_header_content_length(ngx_http_request_t *r, ngx_str
 {
 ngx_http_modsecurity_ctx_t *ctx = NULL;
 ngx_str_t value;
- char buf[NGX_INT64_LEN+2];
+ char buf[NGX_INT64_LEN + 1];
 ctx = ngx_http_modsecurity_get_module_ctx(r);
 if (r->headers_out.content_length_n > 0) {
- ngx_sprintf((u_char *)buf, "%O%Z", r->headers_out.content_length_n);
+ value.len = (int)(ngx_sprintf((u_char *)buf, "%O", r->headers_out.content_length_n) - (u_char *)buf);
 value.data = (unsigned char *)buf;
- value.len = strlen(buf);
 #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
 ngx_http_modsecurity_store_ctx_header(r, &name, &value);
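Review bot: The `sizeof(...) - 1` lengths in ngx_http_modsecurity_resolv_header_server are only correct while `ngx_http_server_full_string` and `ngx_http_server_string` are char arrays initialised from string literals. Their definitions are outside this hunk; if either were a `char *`, the expression would silently become pointer size minus one. A one-line comment above the first assignment would record the intent, for example `/* sizeof counts the terminating NUL; ngx_str_t.len must not */`. This value appears to be what the module passes on for response-header inspection, so a test asserting the exact length of the Server value would keep the trailing byte from coming back. The function starts and ends outside the hunk.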
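Review bot: In ngx_http_modsecurity_resolv_header_content_length the `(int)` cast narrows the pointer difference before it is stored in `value.len`, which is a `size_t` in ngx_str_t, and the write into `buf` is still unbounded. Stating the bound and dropping the cast would read `value.len = ngx_snprintf((u_char *)buf, sizeof(buf), "%O", r->headers_out.content_length_n) - (u_char *)buf;`. `buf` is no longer NUL-terminated after this change, so any consumer further down the function (which continues outside the hunk) has to use `value.len` rather than treat `value.data` as a C string. A short comment on the `buf` declaration saying so would help.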