Mercurial > hg > nginx-vendor-0-5
comparison src/http/ngx_http_parse.c @ 336:85cf055f9552 NGINX_0_5_38
nginx 0.5.38
*) Security: a segmentation fault might occur in worker process while
specially crafted request handling.
Thanks to Chris Ries.
*) Bugfix: a segmentation fault might occur in worker process, if
error_log was set to info or debug level.
Thanks to Sergey Bochenkov.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 14 Sep 2009 00:00:00 +0400 |
parents | c60beecc6ab5 |
children |
comparison
equal
deleted
inserted
replaced
335:90de406d5898 | 336:85cf055f9552 |
---|---|
736 | 736 |
737 switch (state) { | 737 switch (state) { |
738 | 738 |
739 /* first char */ | 739 /* first char */ |
740 case sw_start: | 740 case sw_start: |
741 r->header_name_start = p; | |
741 r->invalid_header = 0; | 742 r->invalid_header = 0; |
742 | 743 |
743 switch (ch) { | 744 switch (ch) { |
744 case CR: | 745 case CR: |
745 r->header_end = p; | 746 r->header_end = p; |
748 case LF: | 749 case LF: |
749 r->header_end = p; | 750 r->header_end = p; |
750 goto header_done; | 751 goto header_done; |
751 default: | 752 default: |
752 state = sw_name; | 753 state = sw_name; |
753 r->header_name_start = p; | |
754 | 754 |
755 c = lowcase[ch]; | 755 c = lowcase[ch]; |
756 | 756 |
757 if (c) { | 757 if (c) { |
758 hash = ngx_hash(0, c); | 758 hash = ngx_hash(0, c); |
1121 #if (NGX_WIN32) | 1121 #if (NGX_WIN32) |
1122 case '\\': | 1122 case '\\': |
1123 #endif | 1123 #endif |
1124 case '/': | 1124 case '/': |
1125 state = sw_slash; | 1125 state = sw_slash; |
1126 u -= 4; | 1126 u -= 5; |
1127 if (u < r->uri.data) { | 1127 for ( ;; ) { |
1128 return NGX_HTTP_PARSE_INVALID_REQUEST; | 1128 if (u < r->uri.data) { |
1129 } | 1129 return NGX_HTTP_PARSE_INVALID_REQUEST; |
1130 while (*(u - 1) != '/') { | 1130 } |
1131 if (*u == '/') { | |
1132 u++; | |
1133 break; | |
1134 } | |
1131 u--; | 1135 u--; |
1132 } | 1136 } |
1133 break; | 1137 break; |
1134 case '%': | 1138 case '%': |
1135 quoted_state = state; | 1139 quoted_state = state; |