From ff19dcd5c53d4af61d0a9397d4616f47f80ee207 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <felipe@zimmerle.org>
Date: Mon, 30 Sep 2013 21:56:57 -0300
Subject: [PATCH] Bugfix: missing string terminator while mounting the charset
 (nginx)

The charset in headers is mounted using ngx_snprintf which
does not place the string terminator. This patch adds the
terminator at the end of the string. The size was correctly
allocated, just missing the terminator.

This bug was report at:
- https://www.modsecurity.org/tracker/browse/MODSEC-420
- https://github.com/SpiderLabs/ModSecurity/issues/142

Both reports cames with patch, first by Veli Pekka Jutila and
second by wellumies.
---
 nginx/modsecurity/ngx_http_modsecurity.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c
index 21bf50bc22..679d29d63d 100644
--- a/nginx/modsecurity/ngx_http_modsecurity.c
+++ b/nginx/modsecurity/ngx_http_modsecurity.c
@@ -615,7 +615,7 @@ ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r)
         }
 
         ngx_snprintf(content_type, content_type_len,
-                     "%V; charset=%V",
+                     "%V; charset=%V\0",
                      &r->headers_out.content_type,
                      &r->headers_out.charset);