# HG changeset patch
# User Ruslan Ermilov <ru@nginx.com>
# Date 1355411119 0
# Node ID 9f4cdc7a857883ac98e642562e018071c675b47d
# Parent  13a5202b6b4bb334805a64be81b507e06570c7e2
Fixed variable syntax checking in "set", "geo", "limit_conn_zone",
and "perl_set" directives.

diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -322,6 +322,13 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_c
     }
 
     name = value[1];
+
+    if (name.len < 2 || name.data[0] != '$') {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"%V\"", &name);
+        return NGX_CONF_ERROR;
+    }
+
     name.len--;
     name.data++;
 
diff --git a/src/http/modules/ngx_http_limit_conn_module.c b/src/http/modules/ngx_http_limit_conn_module.c
--- a/src/http/modules/ngx_http_limit_conn_module.c
+++ b/src/http/modules/ngx_http_limit_conn_module.c
@@ -540,7 +540,7 @@ ngx_http_limit_conn_zone(ngx_conf_t *cf,
             continue;
         }
 
-        if (value[i].data[0] == '$') {
+        if (value[i].len > 1 && value[i].data[0] == '$') {
 
             value[i].len--;
             value[i].data++;
@@ -613,7 +613,7 @@ ngx_http_limit_zone(ngx_conf_t *cf, ngx_
 
     value = cf->args->elts;
 
-    if (value[2].data[0] != '$') {
+    if (value[2].len < 2 || value[2].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[2]);
         return NGX_CONF_ERROR;
diff --git a/src/http/modules/ngx_http_rewrite_module.c b/src/http/modules/ngx_http_rewrite_module.c
--- a/src/http/modules/ngx_http_rewrite_module.c
+++ b/src/http/modules/ngx_http_rewrite_module.c
@@ -908,7 +908,7 @@ ngx_http_rewrite_set(ngx_conf_t *cf, ngx
 
     value = cf->args->elts;
 
-    if (value[1].data[0] != '$') {
+    if (value[1].len < 2 || value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;
diff --git a/src/http/modules/perl/ngx_http_perl_module.c b/src/http/modules/perl/ngx_http_perl_module.c
--- a/src/http/modules/perl/ngx_http_perl_module.c
+++ b/src/http/modules/perl/ngx_http_perl_module.c
@@ -968,7 +968,7 @@ ngx_http_perl_set(ngx_conf_t *cf, ngx_co
 
     value = cf->args->elts;
 
-    if (value[1].data[0] != '$') {
+    if (value[1].len < 2 || value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;