nginx/src/http
Roman Arutyunyan 58a7bc3406 HTTP/2: limit Content-Type and Location response header length
Previously, when these fields were larger than ~2M, the number of bytes
allocated for the field length was insufficient for such a large number.
The deficit is 1 byte up until ~4M, 2 bytes for sizes above, and grows
bigger with even larger fields.

Currently, nginx does not have modules which allow to exploit this
overflow with reasonably large Content-Type and Location.  The reason is
other response fields make up for this deficit.  For example, the Date
header value contains the characters compressed well by Huffman
encoding, which frees up spare bytes in the header buffer.

Reported by Leo Lin.
2026-05-15 16:23:39 +04:00
..
modules Mp4: avoid adding or comparing to null pointer 2026-05-15 16:20:30 +04:00
v2 HTTP/2: limit Content-Type and Location response header length 2026-05-15 16:23:39 +04:00
v3 HTTP/3: optimize encoder stream memory usage 2026-04-16 19:47:46 +04:00
ngx_http.c The "multipath" parameter of the "listen" directive. 2026-03-19 01:13:51 +04:00
ngx_http.h Upstream: fixed parsing of split status lines 2026-05-13 21:19:47 +04:00
ngx_http_cache.h Cache: keep c->body_start when Vary changes (ticket #2029). 2020-09-09 19:26:27 +03:00
ngx_http_config.h
ngx_http_copy_filter_module.c Fixed request termination with AIO and subrequests (ticket #2555). 2024-01-30 03:20:05 +03:00
ngx_http_core_module.c Support 407 code in "satisfy any" and "auth_delay" 2026-05-08 09:42:58 +04:00
ngx_http_core_module.h Added max_headers directive. 2026-04-06 14:08:36 +04:00
ngx_http_file_cache.c Fixed request termination with AIO and subrequests (ticket #2555). 2024-01-30 03:20:05 +03:00
ngx_http_header_filter_module.c Proxy authentication definitions. 2026-03-11 19:33:12 +04:00
ngx_http_huff_decode.c Adjusted Huffman coding debug logging, missed in 7977:336084ff943b. 2023-11-14 14:50:03 +04:00
ngx_http_huff_encode.c Moved Huffman coding out of HTTP/2. 2021-12-21 07:54:16 +03:00
ngx_http_parse.c Upstream: fixed parsing of split status lines 2026-05-13 21:19:47 +04:00
ngx_http_postpone_filter_module.c
ngx_http_request.c Restrict connection-specific headers in HTTP/2 and HTTP/3 2026-04-14 09:53:13 +04:00
ngx_http_request.h Proxy authentication for CONNECT requests 2026-05-08 09:42:58 +04:00
ngx_http_request_body.c Request body: restored buffered empty body special case 2026-04-30 15:09:24 +04:00
ngx_http_script.c Rewrite: fixed escaping and possible buffer overrun 2026-05-13 21:19:47 +04:00
ngx_http_script.h Upstream: variables support in certificates. 2021-05-06 02:22:09 +03:00
ngx_http_special_response.c Proxy authentication definitions. 2026-03-11 19:33:12 +04:00
ngx_http_upstream.c HTTP tunnel module 2026-05-08 09:42:58 +04:00
ngx_http_upstream.h HTTP tunnel module 2026-05-08 09:42:58 +04:00
ngx_http_upstream_round_robin.c Upstream: locked version of ngx_*_upstream_free_round_robin_peer(). 2026-05-04 21:19:40 +05:30
ngx_http_upstream_round_robin.h Upstream: least_time balancer module 2026-05-04 21:19:40 +05:30
ngx_http_variables.c Improved $cookie_ evaluation. 2026-02-12 10:52:20 -08:00
ngx_http_variables.h Combining unknown headers during variables lookup (ticket #1316). 2022-05-30 21:25:32 +03:00
ngx_http_write_filter_module.c Merged with the default branch. 2022-02-14 10:14:07 +03:00