From 2d5b42693d083fa07e1970cbcb21a8b61421be7d Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Sat, 26 Sep 2015 22:41:05 +0900
Subject: [PATCH] Don't expect NULL terminated name/value in nghttp2_hd_deflate_hd
If it is called through libnghttp2 internally, name/value pairs are all NULL-terminated. But it is one of public API, and we cannot expect that applications always make NULL-terminated string for name/value pairs.
---
 lib/nghttp2_hd.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/lib/nghttp2_hd.c b/lib/nghttp2_hd.c
index c1b5b059..3919506c 100644
--- a/lib/nghttp2_hd.c
+++ b/lib/nghttp2_hd.c
@@ -509,12 +509,14 @@ int nghttp2_hd_entry_init(nghttp2_hd_entry *ent, uint8_t flags, uint8_t *name,
 flags = (uint8_t)(flags & ~NGHTTP2_HD_FLAG_NAME_ALLOC);
 ent->nv.name = (uint8_t *)"";
 } else {
- /* copy including terminating NULL byte */
- ent->nv.name = nghttp2_memdup(name, namelen + 1, mem);
+ /* name may not be NULL terminated on compression. */
+ ent->nv.name = nghttp2_mem_malloc(mem, namelen + 1);
 if (ent->nv.name == NULL) {
 rv = NGHTTP2_ERR_NOMEM;
 goto fail;
 }
+ memcpy(ent->nv.name, name, namelen);
+ ent->nv.name[namelen] = '\0';
 }
 } else {
 ent->nv.name = name;
@@ -525,12 +527,14 @@ int nghttp2_hd_entry_init(nghttp2_hd_entry *ent, uint8_t flags, uint8_t *name,
 flags = (uint8_t)(flags & ~NGHTTP2_HD_FLAG_VALUE_ALLOC);
 ent->nv.value = (uint8_t *)"";
 } else {
- /* copy including terminating NULL byte */
- ent->nv.value = nghttp2_memdup(value, valuelen + 1, mem);
+ /* value may not be NULL terminated on compression. */
+ ent->nv.value = nghttp2_mem_malloc(mem, valuelen + 1);
 if (ent->nv.value == NULL) {
 rv = NGHTTP2_ERR_NOMEM;
 goto fail2;
 }
+ memcpy(ent->nv.value, value, valuelen);
+ ent->nv.value[valuelen] = '\0';
 }
 } else {
 ent->nv.value = value;
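Review bot: The allocation size `namelen + 1` and the copy length `namelen` are now separate expressions, so a `namelen` of `SIZE_MAX` would wrap the allocation to zero bytes while `memcpy` still copies `namelen` bytes and the terminator is written at `name[namelen]`. The commit message says this path is reachable from the public API, where lengths come from the application, so a guard ahead of the allocation is cheap: `if (namelen == SIZE_MAX) { rv = NGHTTP2_ERR_NOMEM; goto fail; }`, or whichever error code the library uses for a bad argument. The value hunk at -525 has the same pattern with `valuelen` and `goto fail2`. The untouched `else` branches still store the caller's pointer as is, so only the copied case is guaranteed to be terminated; the new comments could say so. Whether callers already bound these lengths is not visible here, because the body of nghttp2_hd_entry_init starts and ends outside both hunks.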
@@ -1429,7 +1433,8 @@ static int deflate_nv(nghttp2_hd_deflater *deflater, nghttp2_bufs *bufs,
 nghttp2_mem *mem;
 uint32_t hash;
- DEBUGF(fprintf(stderr, "deflatehd: deflating %s: %s\n", nv->name, nv->value));
+ DEBUGF(fprintf(stderr, "deflatehd: deflating %.*s: %.*s\n", (int)nv->namelen,
+ nv->name, (int)nv->valuelen, nv->value));
 mem = deflater->ctx.mem;
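Review bot: The `(int)` casts that feed `%.*s` bound the read only while `nv->namelen` and `nv->valuelen` fit in an `int`. A length above `INT_MAX` converts to an implementation-defined, typically negative, value, and printf treats a negative precision as if none were given, which brings back the unterminated `%s` read this line is meant to remove. Clamping keeps the bound in every case, e.g. `(int)(nv->namelen > INT_MAX ? INT_MAX : nv->namelen)` and the same for `valuelen`. The line also writes header values to stderr unescaped in debug builds, so a short comment that DEBUGF output can carry credentials and control bytes and should not reach shared logs would help. deflate_nv's body continues outside the hunk.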