comparison src/http/ngx_http_parse.c @ 520:24b676623d4f NGINX_0_8_7

nginx 0.8.7 *) Change: minimum supported OpenSSL version is 0.9.7. *) Change: the "ask" parameter of the "ssl_verify_client" directive was changed to the "optional" parameter and now it checks a client certificate if it was offered. Thanks to Brice Figureau. *) Feature: the $ssl_client_verify variable. Thanks to Brice Figureau. *) Feature: the "ssl_crl" directive. Thanks to Brice Figureau. *) Feature: the "proxy" parameter of the "geo" directive. *) Feature: the "image_filter" directive supports variables for setting size. *) Bugfix: the $ssl_client_cert variable usage corrupted memory; the bug had appeared in 0.7.7. Thanks to Sergey Zhuravlev. *) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate", "X-Accel-Buffering", and "X-Accel-Charset" lines from backend response header. Thanks to Maxim Dounin. *) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend response header lines; the bug had appeared in 0.7.44. Thanks to Maxim Dounin. *) Bugfix: the "[alert] zero size buf" error if subrequest returns an empty response; the bug had appeared in 0.8.5.
author Igor Sysoev <http://sysoev.ru>
date Mon, 27 Jul 2009 00:00:00 +0400
parents e8b686f230a8
children 80f7156c2965
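--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -948,13 +948,10 @@
 enum {
 sw_usual = 0,
 sw_slash,
 sw_dot,
 sw_dot_dot,
-#if (NGX_WIN32)
-sw_dot_dot_dot,
-#endif
 sw_quoted,
 sw_quoted_second
 } state, quoted_state;
 
 #if (NGX_SUPPRESS_WARN)
@@ -1152,75 +1149,20 @@
 case '?':
 r->args_start = p;
 goto args;
 case '#':
 goto done;
-#if (NGX_WIN32)
-case '.':
-state = sw_dot_dot_dot;
-*u++ = ch;
-break;
-#endif
 case '+':
 r->plus_in_uri = 1;
 default:
 state = sw_usual;
 *u++ = ch;
 break;
 }
 
 ch = *p++;
 break;
-
-#if (NGX_WIN32)
-case sw_dot_dot_dot:
-
-if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
-state = sw_usual;
-*u++ = ch;
-ch = *p++;
-break;
-}
-
-switch(ch) {
-case '\\':
-case '/':
-state = sw_slash;
-u -= 5;
-if (u < r->uri.data) {
-return NGX_HTTP_PARSE_INVALID_REQUEST;
-}
-while (*u != '/') {
-u--;
-}
-if (u < r->uri.data) {
-return NGX_HTTP_PARSE_INVALID_REQUEST;
-}
-while (*(u - 1) != '/') {
-u--;
-}
-break;
-case '%':
-quoted_state = state;
-state = sw_quoted;
-break;
-case '?':
-r->args_start = p;
-goto args;
-case '#':
-goto done;
-case '+':
-r->plus_in_uri = 1;
-default:
-state = sw_usual;
-*u++ = ch;
-break;
-}
-
-ch = *p++;
-break;
-#endif
 
 case sw_quoted:
 r->quoted_uri = 1;
 
 if (ch >= '0' && ch <= '9') {
@@ -1367,24 +1309,10 @@
 /* detect "/../" */
 
 if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) {
 goto unsafe;
 }
-
-#if (NGX_WIN32)
-
-if (len > 3) {
-
-/* detect "/.../" */
-
-if (p[0] == '.' && p[1] == '.' && p[2] == '.'
-&& ngx_path_separator(p[3]))
-{
-goto unsafe;
-}
-}
-#endif
 }
 }
 
 return NGX_OK;
 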