Mercurial > hg > nginx
diff src/http/ngx_http_request.c @ 4678:01dbbe7236ee stable-1.2
Merge of r4674, r4675, r4676: win32 fixes.
*) Win32: disallowed access to various non-canonical name variants.
This includes trailings dots and spaces, NTFS streams (and short names, as
previously checked). The checks are now also done in ngx_file_info(), thus
allowing to use the "try_files" directive to protect external scripts.
*) Win32: normalization of trailing dot inside uri.
Windows treats "/directory./" identical to "/directory/". Do the same
when working on Windows. Note that the behaviour is different from one
with last path component (where multiple spaces and dots are ignored by
Windows).
*) Win32: uris with ":$" are now rejected.
There are too many problems with special NTFS streams, notably "::$data",
"::$index_allocation" and ":$i30:$index_allocation".
For now we don't reject all URIs with ":" like Apache does as there are no
good reasons seen yet, and there are multiple programs using it in URLs
(e.g. MediaWiki).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 05 Jun 2012 13:52:37 +0000 |
| parents | 0bb016b1fd2d |
| children | 613390a974df |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -812,7 +812,28 @@ ngx_http_process_request_line(ngx_event_ #if (NGX_WIN32) { - u_char *p; + u_char *p, *last; + + p = r->uri.data; + last = r->uri.data + r->uri.len; + + while (p < last) { + + if (*p++ == ':') { + + /* + * this check covers "::$data", "::$index_allocation" and + * ":$i30:$index_allocation" + */ + + if (p < last && *p == '$') { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent unsafe win32 URI"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return; + } + } + } p = r->uri.data + r->uri.len - 1; @@ -828,11 +849,6 @@ ngx_http_process_request_line(ngx_event_ continue; } - if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) { - p -= 7; - continue; - } - break; }