From 05a38c707728bba20e21c57dcb8035574b56e055 Mon Sep 17 00:00:00 2001
From: Ruslan Ermilov <ru@nginx.com>
Date: Fri, 6 Nov 2015 15:21:51 +0300
Subject: [PATCH] Proxy: improved code readability.

Do not assume that space character follows the method name, just pass it
explicitly.

The fuss around it has already proved to be unsafe, see bbdb172f0927 and
http://mailman.nginx.org/pipermail/nginx-ru/2013-January/049692.html for
details.
---
 src/http/modules/ngx_http_proxy_module.c | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index e9224e24d..a869e74c3 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -1157,25 +1157,24 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
     if (u->method.len) {
         /* HEAD was changed to GET to cache response */
         method = u->method;
-        method.len++;
 
     } else if (plcf->method.len) {
         method = plcf->method;
 
     } else {
         method = r->method_name;
-        method.len++;
     }
 
     ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
 
-    if (method.len == 5
-        && ngx_strncasecmp(method.data, (u_char *) "HEAD ", 5) == 0)
+    if (method.len == 4
+        && ngx_strncasecmp(method.data, (u_char *) "HEAD", 4) == 0)
     {
         ctx->head = 1;
     }
 
-    len = method.len + sizeof(ngx_http_proxy_version) - 1 + sizeof(CRLF) - 1;
+    len = method.len + 1 + sizeof(ngx_http_proxy_version) - 1
+          + sizeof(CRLF) - 1;
 
     escape = 0;
     loc_len = 0;
@@ -1294,6 +1293,7 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
     /* the request line */
 
     b->last = ngx_copy(b->last, method.data, method.len);
+    *b->last++ = ' ';
 
     u->uri.data = b->last;
 
@@ -3159,13 +3159,6 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 
     ngx_conf_merge_str_value(conf->method, prev->method, "");
 
-    if (conf->method.len
-        && conf->method.data[conf->method.len - 1] != ' ')
-    {
-        conf->method.data[conf->method.len] = ' ';
-        conf->method.len++;
-    }
-
     ngx_conf_merge_value(conf->upstream.pass_request_headers,
                               prev->upstream.pass_request_headers, 1);
     ngx_conf_merge_value(conf->upstream.pass_request_body,