# HG changeset patch # User Igor Sysoev # Date 1131608693 0 # Node ID fcd6fc7ff7f9b132c35193d834e6e7d05026c716 # Parent 206160abe62e53352d499722733f836d63c1e386 nginx-0.3.9-RELEASE import *) Bugfix: nginx considered URI as unsafe if two any symbols was between two slashes; the bug had appeared in 0.3.8. diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -9,6 +9,23 @@ nginx changelog + + + + +nginx считал небезопасными URI, в которых между двумя слэшами +находилось два любых символа; +ошибка появилась в 0.3.8. + + +nginx considered URI as unsafe if two any symbols was between two slashes; +bug appeared in 0.3.8. + + + + + + @@ -119,7 +136,7 @@ and temporary files with client requests -рабочие процессы не сбрасывал буферизированные логи при плавном выходе. +рабочие процессы не сбрасывали буферизированные логи при плавном выходе. the worker processes did not flush the buffered logs on graceful exit. diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,7 +8,7 @@ #define _NGINX_H_INCLUDED_ -#define NGINX_VER "nginx/0.3.8" +#define NGINX_VER "nginx/0.3.9" #define NGINX_VAR "NGINX" #define NGX_OLDPID_EXT ".oldbin" diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1056,7 +1056,7 @@ ngx_http_parse_unsafe_uri(ngx_http_reque /* detect "/../" */ - if (p[2] == '/') { + if (p[0] == '.' && p[1] == '.' && p[2] == '/') { goto unsafe; } @@ -1070,7 +1070,9 @@ ngx_http_parse_unsafe_uri(ngx_http_reque /* detect "/.../" */ - if (p[3] == '/' || p[3] == '\\') { + if (p[0] == '.' && p[1] == '.' && p[2] == '.' + && (p[3] == '/' || p[3] == '\\')) + { goto unsafe; } }