Mercurial > hg > nginx
comparison src/http/ngx_http_parse.c @ 5490:b141a7627ac6
Detect more unsafe URIs in ngx_http_parse_unsafe_uri().
The following URIs were considered safe: "..", "../foo", and "/foo/..".
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Mon, 23 Dec 2013 18:11:56 +0400 |
| parents | 63f960bbc52f |
| children | 74bfa803a5aa |
comparison
equal
deleted
inserted
replaced
| 5489:6d357b2a9d6e | 5490:b141a7627ac6 |
|---|---|
| 1788 | 1788 |
| 1789 if (len == 0 || p[0] == '?') { | 1789 if (len == 0 || p[0] == '?') { |
| 1790 goto unsafe; | 1790 goto unsafe; |
| 1791 } | 1791 } |
| 1792 | 1792 |
| 1793 if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) { | 1793 if (p[0] == '.' && len > 1 && p[1] == '.' |
| 1794 && (len == 2 || ngx_path_separator(p[2]))) | |
| 1795 { | |
| 1794 goto unsafe; | 1796 goto unsafe; |
| 1795 } | 1797 } |
| 1796 | 1798 |
| 1797 for ( /* void */ ; len; len--) { | 1799 for ( /* void */ ; len; len--) { |
| 1798 | 1800 |
| 1814 goto unsafe; | 1816 goto unsafe; |
| 1815 } | 1817 } |
| 1816 | 1818 |
| 1817 if (ngx_path_separator(ch) && len > 2) { | 1819 if (ngx_path_separator(ch) && len > 2) { |
| 1818 | 1820 |
| 1819 /* detect "/../" */ | 1821 /* detect "/../" and "/.." */ |
| 1820 | 1822 |
| 1821 if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) { | 1823 if (p[0] == '.' && p[1] == '.' |
| 1824 && (len == 3 || ngx_path_separator(p[2]))) | |
| 1825 { | |
| 1822 goto unsafe; | 1826 goto unsafe; |
| 1823 } | 1827 } |
| 1824 } | 1828 } |
| 1825 } | 1829 } |
| 1826 | 1830 |