# HG changeset patch # User Ruslan Ermilov # Date 1570560974 -10800 # Node ID 79bcbe7cd3f239daca90ef1eaf3c4d1415525734 # Parent 5a3426683251a6795bd3e7265c1b0e4f30b1174e The "/." and "/.." at the end of URI should be normalized. diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1437,9 +1437,11 @@ ngx_http_parse_complex_uri(ngx_http_requ state = sw_quoted; break; case '?': + u--; r->args_start = p; goto args; case '#': + u--; goto done; case '+': r->plus_in_uri = 1; @@ -1467,7 +1469,8 @@ ngx_http_parse_complex_uri(ngx_http_requ case '\\': #endif case '/': - state = sw_slash; + case '?': + case '#': u -= 5; for ( ;; ) { if (u < r->uri.data) { @@ -1479,16 +1482,19 @@ ngx_http_parse_complex_uri(ngx_http_requ } u--; } + if (ch == '?') { + r->args_start = p; + goto args; + } + if (ch == '#') { + goto done; + } + state = sw_slash; break; case '%': quoted_state = state; state = sw_quoted; break; - case '?': - r->args_start = p; - goto args; - case '#': - goto done; case '+': r->plus_in_uri = 1; /* fall through */ @@ -1565,6 +1571,26 @@ ngx_http_parse_complex_uri(ngx_http_requ return NGX_HTTP_PARSE_INVALID_REQUEST; } + if (state == sw_dot) { + u--; + + } else if (state == sw_dot_dot) { + u -= 5; + + for ( ;; ) { + if (u < r->uri.data) { + return NGX_HTTP_PARSE_INVALID_REQUEST; + } + + if (*u == '/') { + u++; + break; + } + + u--; + } + } + done: r->uri.len = u - r->uri.data;