Mercurial > hg > nginx-vendor-0-8
comparison src/http/ngx_http_parse.c @ 578:bc110f60c0de NGINX_0_8_41
nginx 0.8.41
*) Security: nginx/Windows worker might be terminated abnormally if a
requested file name has invalid UTF-8 encoding.
*) Change: now nginx allows to use spaces in a request line.
*) Bugfix: the "proxy_redirect" directive changed incorrectly a backend
"Refresh" response header line.
Thanks to Andrey Andreew and Max Sogin.
*) Bugfix: nginx did not support path without host name in
"Destination" request header line.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 15 Jun 2010 00:00:00 +0400 |
parents | 01f2313e34f1 |
children | 4d3e880ce86c |
comparison
equal
deleted
inserted
replaced
577:dd4c3325a56f | 578:bc110f60c0de |
---|---|
110 sw_schema, | 110 sw_schema, |
111 sw_schema_slash, | 111 sw_schema_slash, |
112 sw_schema_slash_slash, | 112 sw_schema_slash_slash, |
113 sw_host, | 113 sw_host, |
114 sw_port, | 114 sw_port, |
115 sw_host_http_09, | |
115 sw_after_slash_in_uri, | 116 sw_after_slash_in_uri, |
116 sw_check_uri, | 117 sw_check_uri, |
118 sw_check_uri_http_09, | |
117 sw_uri, | 119 sw_uri, |
118 sw_http_09, | 120 sw_http_09, |
119 sw_http_H, | 121 sw_http_H, |
120 sw_http_HT, | 122 sw_http_HT, |
121 sw_http_HTT, | 123 sw_http_HTT, |
206 case 5: | 208 case 5: |
207 if (ngx_str5cmp(m, 'M', 'K', 'C', 'O', 'L')) { | 209 if (ngx_str5cmp(m, 'M', 'K', 'C', 'O', 'L')) { |
208 r->method = NGX_HTTP_MKCOL; | 210 r->method = NGX_HTTP_MKCOL; |
209 } | 211 } |
210 | 212 |
213 if (ngx_str5cmp(m, 'P', 'A', 'T', 'C', 'H')) { | |
214 r->method = NGX_HTTP_PATCH; | |
215 } | |
216 | |
211 if (ngx_str5cmp(m, 'T', 'R', 'A', 'C', 'E')) { | 217 if (ngx_str5cmp(m, 'T', 'R', 'A', 'C', 'E')) { |
212 r->method = NGX_HTTP_TRACE; | 218 r->method = NGX_HTTP_TRACE; |
213 } | 219 } |
214 | 220 |
215 break; | 221 break; |
351 * use single "/" from request line to preserve pointers, | 357 * use single "/" from request line to preserve pointers, |
352 * if request line will be copied to large client buffer | 358 * if request line will be copied to large client buffer |
353 */ | 359 */ |
354 r->uri_start = r->schema_end + 1; | 360 r->uri_start = r->schema_end + 1; |
355 r->uri_end = r->schema_end + 2; | 361 r->uri_end = r->schema_end + 2; |
356 state = sw_http_09; | 362 state = sw_host_http_09; |
357 break; | 363 break; |
358 default: | 364 default: |
359 return NGX_HTTP_PARSE_INVALID_REQUEST; | 365 return NGX_HTTP_PARSE_INVALID_REQUEST; |
360 } | 366 } |
361 break; | 367 break; |
377 * use single "/" from request line to preserve pointers, | 383 * use single "/" from request line to preserve pointers, |
378 * if request line will be copied to large client buffer | 384 * if request line will be copied to large client buffer |
379 */ | 385 */ |
380 r->uri_start = r->schema_end + 1; | 386 r->uri_start = r->schema_end + 1; |
381 r->uri_end = r->schema_end + 2; | 387 r->uri_end = r->schema_end + 2; |
382 state = sw_http_09; | 388 state = sw_host_http_09; |
383 break; | 389 break; |
384 default: | 390 default: |
385 return NGX_HTTP_PARSE_INVALID_REQUEST; | 391 return NGX_HTTP_PARSE_INVALID_REQUEST; |
386 } | 392 } |
387 break; | 393 break; |
394 | |
395 /* space+ after "http://host[:port] " */ | |
396 case sw_host_http_09: | |
397 switch (ch) { | |
398 case ' ': | |
399 break; | |
400 case CR: | |
401 r->http_minor = 9; | |
402 state = sw_almost_done; | |
403 break; | |
404 case LF: | |
405 r->http_minor = 9; | |
406 goto done; | |
407 case 'H': | |
408 r->http_protocol.data = p; | |
409 state = sw_http_H; | |
410 break; | |
411 default: | |
412 return NGX_HTTP_PARSE_INVALID_REQUEST; | |
413 } | |
414 break; | |
415 | |
388 | 416 |
389 /* check "/.", "//", "%", and "\" (Win32) in URI */ | 417 /* check "/.", "//", "%", and "\" (Win32) in URI */ |
390 case sw_after_slash_in_uri: | 418 case sw_after_slash_in_uri: |
391 | 419 |
392 if (usual[ch >> 5] & (1 << (ch & 0x1f))) { | 420 if (usual[ch >> 5] & (1 << (ch & 0x1f))) { |
395 } | 423 } |
396 | 424 |
397 switch (ch) { | 425 switch (ch) { |
398 case ' ': | 426 case ' ': |
399 r->uri_end = p; | 427 r->uri_end = p; |
400 state = sw_http_09; | 428 state = sw_check_uri_http_09; |
401 break; | 429 break; |
402 case CR: | 430 case CR: |
403 r->uri_end = p; | 431 r->uri_end = p; |
404 r->http_minor = 9; | 432 r->http_minor = 9; |
405 state = sw_almost_done; | 433 state = sw_almost_done; |
460 case '.': | 488 case '.': |
461 r->uri_ext = p + 1; | 489 r->uri_ext = p + 1; |
462 break; | 490 break; |
463 case ' ': | 491 case ' ': |
464 r->uri_end = p; | 492 r->uri_end = p; |
465 state = sw_http_09; | 493 state = sw_check_uri_http_09; |
466 break; | 494 break; |
467 case CR: | 495 case CR: |
468 r->uri_end = p; | 496 r->uri_end = p; |
469 r->http_minor = 9; | 497 r->http_minor = 9; |
470 state = sw_almost_done; | 498 state = sw_almost_done; |
497 case '\0': | 525 case '\0': |
498 return NGX_HTTP_PARSE_INVALID_REQUEST; | 526 return NGX_HTTP_PARSE_INVALID_REQUEST; |
499 } | 527 } |
500 break; | 528 break; |
501 | 529 |
530 /* space+ after URI */ | |
531 case sw_check_uri_http_09: | |
532 switch (ch) { | |
533 case ' ': | |
534 break; | |
535 case CR: | |
536 r->http_minor = 9; | |
537 state = sw_almost_done; | |
538 break; | |
539 case LF: | |
540 r->http_minor = 9; | |
541 goto done; | |
542 case 'H': | |
543 r->http_protocol.data = p; | |
544 state = sw_http_H; | |
545 break; | |
546 default: | |
547 r->space_in_uri = 1; | |
548 state = sw_check_uri; | |
549 break; | |
550 } | |
551 break; | |
552 | |
553 | |
502 /* URI */ | 554 /* URI */ |
503 case sw_uri: | 555 case sw_uri: |
504 | 556 |
505 if (usual[ch >> 5] & (1 << (ch & 0x1f))) { | 557 if (usual[ch >> 5] & (1 << (ch & 0x1f))) { |
506 break; | 558 break; |
543 case 'H': | 595 case 'H': |
544 r->http_protocol.data = p; | 596 r->http_protocol.data = p; |
545 state = sw_http_H; | 597 state = sw_http_H; |
546 break; | 598 break; |
547 default: | 599 default: |
548 return NGX_HTTP_PARSE_INVALID_REQUEST; | 600 r->space_in_uri = 1; |
601 state = sw_uri; | |
602 break; | |
549 } | 603 } |
550 break; | 604 break; |
551 | 605 |
552 case sw_http_H: | 606 case sw_http_H: |
553 switch (ch) { | 607 switch (ch) { |