Incorrect handling of r->main->count

[agentzh]

When an attack occurs, this module will decrement r->main->count one more time, which can lead to r->main->count overflow. This issue can be trivially reproduced by the mockeagain tool:

https://github.com/agentzh/mockeagain

The following patch fixes this:

diff --git a/ngx_hashdos_module.c b/ngx_hashdos_module.c
index 535b993..0ea8085 100644
--- a/ngx_hashdos_module.c
+++ b/ngx_hashdos_module.c
@@ -235,7 +235,6 @@ ngx_hashdos_request_body_handler(ngx_http_request_t *r)
r->headers_in.content_length_n,count,limit);
ctx->waiting_more_body = 0;
ctx->done = 1;

•    r->main->count--;
  

  }

  if (ctx->waiting_more_body) {

[agentzh]

BTW, for the current implementation, when mockeagain is turned on, a trivial example of exceeding the query arg limit can cause the nginx server to loop indefinitely ;) After applying the patch, tests are passing with mockeagain.