Clean the garbage character after the duplicated charset property

Pull request #148 by zimmerle doesn't fix the problem. '\0' in format string won't be processed by "ngx_vslprintf". When the garbage character is '\n' or '\r', http response is cracked and browsers may go crashing.
owasp-modsecurity · Dec 19, 2013 · b788ce2 · b788ce2
1 parent 74ec784
commit b788ce2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c
@@ -615,7 +615,7 @@ ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r)
         }
 
         ngx_snprintf(content_type, content_type_len,
-                     "%V; charset=%V\0",
+                     "%V; charset=%V%Z",
                      &r->headers_out.content_type,
                      &r->headers_out.charset);