comparison src/http/ngx_http_request.c @ 4678:01dbbe7236ee stable-1.2
Merge of r4674, r4675, r4676: win32 fixes.
*) Win32: disallowed access to various non-canonical name variants.
This includes trailing dots and spaces, NTFS streams (and short names, as
previously checked). The checks are now also done in ngx_file_info(), thus
allowing to use the "try_files" directive to protect external scripts.
*) Win32: normalization of trailing dot inside uri.
Windows treats "/directory./" identical to "/directory/". Do the same
when working on Windows. Note that the behaviour is different from one
with last path component (where multiple spaces and dots are ignored by
Windows).
*) Win32: uris with ":$" are now rejected.
There are too many problems with special NTFS streams, notably "::$data",
"::$index_allocation" and ":$i30:$index_allocation".
For now we don't reject all URIs with ":" like Apache does as there are no
good reasons seen yet, and there are multiple programs using it in URLs
(e.g. MediaWiki).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 05 Jun 2012 13:52:37 +0000 |
parents | 0bb016b1fd2d |
children | 613390a974df |
comparison
4672:4a4516a725dc | 4678:01dbbe7236ee |
---|---|
810 r->args.data = r->args_start; | 810 r->args.data = r->args_start; |
811 } | 811 } |
812 | 812 |
813 #if (NGX_WIN32) | 813 #if (NGX_WIN32) |
814 { | 814 { |
815 u_char *p; | 815 u_char *p, *last; |
816 | |
817 p = r->uri.data; | |
818 last = r->uri.data + r->uri.len; | |
819 | |
820 while (p < last) { | |
821 | |
822 if (*p++ == ':') { | |
823 | |
824 /* | |
825 * this check covers "::$data", "::$index_allocation" and | |
826 * ":$i30:$index_allocation" | |
827 */ | |
828 | |
829 if (p < last && *p == '$') { | |
830 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
831 "client sent unsafe win32 URI"); | |
832 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
833 return; | |
834 } | |
835 } | |
836 } | |
816 | 837 |
817 p = r->uri.data + r->uri.len - 1; | 838 p = r->uri.data + r->uri.len - 1; |
818 | 839 |
819 while (p > r->uri.data) { | 840 while (p > r->uri.data) { |
820 | 841 |
823 continue; | 844 continue; |
824 } | 845 } |
825 | 846 |
826 if (*p == '.') { | 847 if (*p == '.') { |
827 p--; | 848 p--; |
828 continue; | |
829 } | |
830 | |
831 if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) { | |
832 p -= 7; | |
833 continue; | 849 continue; |
834 } | 850 } |
835 | 851 |
836 break; | 852 break; |
837 } | 853 } |
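Review bot: In the added `:$` scan (new lines 820-836) the rejection is logged at NGX_LOG_INFO, which is below the default error_log level of error, so on a default configuration these 400 responses leave no entry in the error log. Consider a higher level for "client sent unsafe win32 URI", or document that info-level logging is needed to see NTFS stream probes. A second point on the removal at old lines 831-834: `ngx_strncasecmp(p - 6, (u_char *) "::$data", 7)` was guarded only by `p > r->uri.data`, so for a short URI the comparison could start before the beginning of the URI buffer. Dropping it removes that read as well, which the commit message does not mention. A one-line comment in the trailing loop pointing at the `:$` rejection above would also explain why the stream suffix is no longer stripped there.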