Mercurial > hg > nginx

changeset 7881:52338ddf9e2f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Disabled spaces in URIs (ticket #196). From now on, requests with spaces in URIs are immediately rejected rather than allowed. Spaces were allowed in 31e9677b15a1 (0.8.41) to handle bad clients. It is believed that now this behaviour causes more harm than good.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 28 Jun 2021 18:01:13 +0300
parents dfd8dfb436e5
children b4073527be81
files src/http/modules/ngx_http_proxy_module.c src/http/ngx_http_parse.c src/http/ngx_http_request.c src/http/ngx_http_request.h
diffstat 4 files changed, 11 insertions(+), 70 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -1186,7 +1186,7 @@ ngx_http_proxy_create_key(ngx_http_reque
 
     loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0;
 
-    if (r->quoted_uri || r->space_in_uri || r->internal) {
+    if (r->quoted_uri || r->internal) {
         escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
                                     r->uri.len - loc_len, NGX_ESCAPE_URI);
     } else {
@@ -1299,7 +1299,7 @@ ngx_http_proxy_create_request(ngx_http_r
         loc_len = (r->valid_location && ctx->vars.uri.len) ?
                       plcf->location.len : 0;
 
-        if (r->quoted_uri || r->space_in_uri || r->internal) {
+        if (r->quoted_uri || r->internal) {
             escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
                                         r->uri.len - loc_len, NGX_ESCAPE_URI);
         }
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -116,10 +116,8 @@ ngx_http_parse_request_line(ngx_http_req
         sw_host_end,
         sw_host_ip_literal,
         sw_port,
-        sw_host_http_09,
         sw_after_slash_in_uri,
         sw_check_uri,
-        sw_check_uri_http_09,
         sw_uri,
         sw_http_09,
         sw_http_H,
@@ -398,7 +396,7 @@ ngx_http_parse_request_line(ngx_http_req
                  */
                 r->uri_start = r->schema_end + 1;
                 r->uri_end = r->schema_end + 2;
-                state = sw_host_http_09;
+                state = sw_http_09;
                 break;
             default:
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
@@ -472,35 +470,13 @@ ngx_http_parse_request_line(ngx_http_req
                  */
                 r->uri_start = r->schema_end + 1;
                 r->uri_end = r->schema_end + 2;
-                state = sw_host_http_09;
+                state = sw_http_09;
                 break;
             default:
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
             break;
 
-        /* space+ after "http://host[:port] " */
-        case sw_host_http_09:
-            switch (ch) {
-            case ' ':
-                break;
-            case CR:
-                r->http_minor = 9;
-                state = sw_almost_done;
-                break;
-            case LF:
-                r->http_minor = 9;
-                goto done;
-            case 'H':
-                r->http_protocol.data = p;
-                state = sw_http_H;
-                break;
-            default:
-                return NGX_HTTP_PARSE_INVALID_REQUEST;
-            }
-            break;
-
-
         /* check "/.", "//", "%", and "\" (Win32) in URI */
         case sw_after_slash_in_uri:
 
@@ -512,7 +488,7 @@ ngx_http_parse_request_line(ngx_http_req
             switch (ch) {
             case ' ':
                 r->uri_end = p;
-                state = sw_check_uri_http_09;
+                state = sw_http_09;
                 break;
             case CR:
                 r->uri_end = p;
@@ -584,7 +560,7 @@ ngx_http_parse_request_line(ngx_http_req
                 break;
             case ' ':
                 r->uri_end = p;
-                state = sw_check_uri_http_09;
+                state = sw_http_09;
                 break;
             case CR:
                 r->uri_end = p;
@@ -621,31 +597,6 @@ ngx_http_parse_request_line(ngx_http_req
             }
             break;
 
-        /* space+ after URI */
-        case sw_check_uri_http_09:
-            switch (ch) {
-            case ' ':
-                break;
-            case CR:
-                r->http_minor = 9;
-                state = sw_almost_done;
-                break;
-            case LF:
-                r->http_minor = 9;
-                goto done;
-            case 'H':
-                r->http_protocol.data = p;
-                state = sw_http_H;
-                break;
-            default:
-                r->space_in_uri = 1;
-                state = sw_check_uri;
-                p--;
-                break;
-            }
-            break;
-
-
         /* URI */
         case sw_uri:
 
@@ -692,10 +643,7 @@ ngx_http_parse_request_line(ngx_http_req
                 state = sw_http_H;
                 break;
             default:
-                r->space_in_uri = 1;
-                state = sw_uri;
-                p--;
-                break;
+                return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
             break;
 
@@ -1171,9 +1119,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
 
             switch (ch) {
             case ' ':
-                r->space_in_uri = 1;
-                state = sw_check_uri;
-                break;
+                return NGX_ERROR;
             case '.':
                 r->complex_uri = 1;
                 state = sw_uri;
@@ -1232,8 +1178,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
                 r->uri_ext = p + 1;
                 break;
             case ' ':
-                r->space_in_uri = 1;
-                break;
+                return NGX_ERROR;
 #if (NGX_WIN32)
             case '\\':
                 r->complex_uri = 1;
@@ -1267,8 +1212,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
 
             switch (ch) {
             case ' ':
-                r->space_in_uri = 1;
-                break;
+                return NGX_ERROR;
             case '#':
                 r->complex_uri = 1;
                 break;
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1264,7 +1264,7 @@ ngx_http_process_request_uri(ngx_http_re
     r->unparsed_uri.len = r->uri_end - r->uri_start;
     r->unparsed_uri.data = r->uri_start;
 
-    r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
+    r->valid_unparsed_uri = r->empty_path_in_uri ? 0 : 1;
 
     if (r->uri_ext) {
         if (r->args_start) {
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -468,9 +468,6 @@ struct ngx_http_request_s {
     /* URI with "+" */
     unsigned                          plus_in_uri:1;
 
-    /* URI with " " */
-    unsigned                          space_in_uri:1;
-
     /* URI with empty path */
     unsigned                          empty_path_in_uri:1;