comparison src/http/ngx_http_parse.c @ 5490:b141a7627ac6
Detect more unsafe URIs in ngx_http_parse_unsafe_uri().
The following URIs were previously treated as safe: "..", "../foo", and "/foo/..".
author | Ruslan Ermilov <ru@nginx.com> |
date | Mon, 23 Dec 2013 18:11:56 +0400 |
parents | 63f960bbc52f |
children | 74bfa803a5aa |
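--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1788,11 +1788,13 @@
 
 if (len == 0 || p[0] == '?') {
 goto unsafe;
 }
 
-if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) {
+if (p[0] == '.' && len > 1 && p[1] == '.'
+&& (len == 2 || ngx_path_separator(p[2])))
+{
 goto unsafe;
 }
 
 for ( /* void */ ; len; len--) {
 
@@ -1814,13 +1816,15 @@
 goto unsafe;
 }
 
 if (ngx_path_separator(ch) && len > 2) {
 
-/* detect "/../" */
+/* detect "/../" and "/.." */
 
-if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) {
+if (p[0] == '.' && p[1] == '.'
+&& (len == 3 || ngx_path_separator(p[2])))
+{
 goto unsafe;
 }
 }
 }
 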
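Review bot: The `len == 3 ||` disjunct at new line 1824 is the only thing keeping the `p[2]` read in bounds — the `len > 2` guard on line 1819 appears to cover just `p[0]` and `p[1]`, since `len` still seems to count the separator byte already consumed — and the `len == 2 ||` before `p[2]` at new line 1794 plays the same role against the `len > 1` guard; nothing in the code says this operand order is load-bearing. I would add `/* "len == N" must stay before p[2]: it is the only bounds check for that byte */` above each of the two conditions so a later reordering does not silently reintroduce an out-of-bounds read. Separately, both conditions only treat `..` as unsafe when it is followed by a path separator or ends the buffer; if the loop's '?' handling (outside this hunk) splits off a query string, a `..` segment immediately followed by '?' would match neither branch, so a unit test for that input would be worth adding. ngx_http_parse_unsafe_uri() begins before the first hunk and continues past the second.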