Mercurial > hg > nginx-vendor-0-7
diff src/http/ngx_http_parse.c @ 500:ed3d382670c7 NGINX_0_7_62
nginx 0.7.62
*) Security: a segmentation fault might occur in worker process while
specially crafted request handling.
Thanks to Chris Ries.
*) Feature: the $upstream_cache_status variable.
*) Bugfix: an expired cached response might stick in the "UPDATING"
state.
*) Bugfix: a segmentation fault might occur in worker process, if
error_log was set to info or debug level.
Thanks to Sergey Bochenkov.
*) Bugfix: in handling FastCGI headers split in records.
*) Bugfix: XSLT filter may fail with message "not well formed XML
document" for valid XML document.
Thanks to Kuramoto Eiji.
*) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by
a regular expression are always tested in case insensitive mode.
*) Bugfix: now nginx/Windows ignores trailing dots in URI.
Thanks to Hugo Leisink.
*) Bugfix: name of file specified in --conf-path was not honored during
installation; the bug had appeared in 0.6.6.
Thanks to Maxim Dounin.
*) Bugfix: a 500 error code was returned for invalid login/password
while HTTP Basic authentication on Windows.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 14 Sep 2009 00:00:00 +0400 |
parents | 392c16f2d858 |
children | 89dc5654117c |
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -739,6 +739,7 @@ ngx_http_parse_header_line(ngx_http_requ /* first char */ case sw_start: + r->header_name_start = p; r->invalid_header = 0; switch (ch) { @@ -751,7 +752,6 @@ ngx_http_parse_header_line(ngx_http_requ goto header_done; default: state = sw_name; - r->header_name_start = p; c = lowcase[ch]; @@ -950,9 +950,6 @@ ngx_http_parse_complex_uri(ngx_http_requ sw_slash, sw_dot, sw_dot_dot, -#if (NGX_WIN32) - sw_dot_dot_dot, -#endif sw_quoted, sw_quoted_second } state, quoted_state; @@ -1137,65 +1134,15 @@ ngx_http_parse_complex_uri(ngx_http_requ #endif case '/': state = sw_slash; - u -= 4; - if (u < r->uri.data) { - return NGX_HTTP_PARSE_INVALID_REQUEST; - } - while (*(u - 1) != '/') { - u--; - } - break; - case '%': - quoted_state = state; - state = sw_quoted; - break; - case '?': - r->args_start = p; - goto args; - case '#': - goto done; -#if (NGX_WIN32) - case '.': - state = sw_dot_dot_dot; - *u++ = ch; - break; -#endif - case '+': - r->plus_in_uri = 1; - default: - state = sw_usual; - *u++ = ch; - break; - } - - ch = *p++; - break; - -#if (NGX_WIN32) - case sw_dot_dot_dot: - - if (usual[ch >> 5] & (1 << (ch & 0x1f))) { - state = sw_usual; - *u++ = ch; - ch = *p++; - break; - } - - switch(ch) { - case '\\': - case '/': - state = sw_slash; u -= 5; - if (u < r->uri.data) { - return NGX_HTTP_PARSE_INVALID_REQUEST; - } - while (*u != '/') { - u--; - } - if (u < r->uri.data) { - return NGX_HTTP_PARSE_INVALID_REQUEST; - } - while (*(u - 1) != '/') { + for ( ;; ) { + if (u < r->uri.data) { + return NGX_HTTP_PARSE_INVALID_REQUEST; + } + if (*u == '/') { + u++; + break; + } u--; } break; @@ -1218,7 +1165,6 @@ ngx_http_parse_complex_uri(ngx_http_requ ch = *p++; break; -#endif case sw_quoted: r->quoted_uri = 1; @@ -1369,20 +1315,6 @@ ngx_http_parse_unsafe_uri(ngx_http_reque if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) { goto unsafe; } - -#if (NGX_WIN32) - - if (len > 3) { - - /* detect "/.../" */ - - if (p[0] == '.' && p[1] == '.' && p[2] == '.' - && ngx_path_separator(p[3])) - { - goto unsafe; - } - } -#endif } }