Mercurial > hg > nginx
changeset 4710:5a4666d4b6cb stable-1.2
Merge of r4636, r4637, r4638: config sanity checks.
*) Added syntax checking of the second parameter of the "split_clients"
directive.
*) Capped the status code that may be returned with "return" and
"try_files".
*) Zero padded the returned and logged HTTP status code, and fixed possible
buffer overrun in $status handling.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 29 Jun 2012 17:28:41 +0000 |
parents | 668de9844a02 |
children | 7cb78d9289b8 |
files | src/http/modules/ngx_http_log_module.c src/http/modules/ngx_http_rewrite_module.c src/http/modules/ngx_http_split_clients_module.c src/http/ngx_http_core_module.c src/http/ngx_http_header_filter_module.c |
diffstat | 5 files changed, 17 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_log_module.c +++ b/src/http/modules/ngx_http_log_module.c @@ -205,7 +205,7 @@ static ngx_http_log_var_t ngx_http_log_ { ngx_string("msec"), NGX_TIME_T_LEN + 4, ngx_http_log_msec }, { ngx_string("request_time"), NGX_TIME_T_LEN + 4, ngx_http_log_request_time }, - { ngx_string("status"), 3, ngx_http_log_status }, + { ngx_string("status"), NGX_INT_T_LEN, ngx_http_log_status }, { ngx_string("bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_bytes_sent }, { ngx_string("body_bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_body_bytes_sent }, @@ -593,7 +593,7 @@ ngx_http_log_status(ngx_http_request_t * status = 0; } - return ngx_sprintf(buf, "%ui", status); + return ngx_sprintf(buf, "%03ui", status); }
--- a/src/http/modules/ngx_http_rewrite_module.c +++ b/src/http/modules/ngx_http_rewrite_module.c @@ -485,6 +485,12 @@ ngx_http_rewrite_return(ngx_conf_t *cf, } else { + if (ret->status > 999) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid return code \"%V\"", &value[1]); + return NGX_CONF_ERROR; + } + if (cf->args->nelts == 2) { return NGX_CONF_OK; }
--- a/src/http/modules/ngx_http_split_clients_module.c +++ b/src/http/modules/ngx_http_split_clients_module.c @@ -138,6 +138,13 @@ ngx_conf_split_clients_block(ngx_conf_t } name = value[2]; + + if (name.len < 2 || name.data[0] != '$') { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid variable name \"%V\"", &name); + return NGX_CONF_ERROR; + } + name.len--; name.data++;
--- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -4662,7 +4662,7 @@ ngx_http_core_try_files(ngx_conf_t *cf, code = ngx_atoi(tf[i - 1].name.data + 1, tf[i - 1].name.len - 2); - if (code == NGX_ERROR) { + if (code == NGX_ERROR || code > 999) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid code \"%*s\"", tf[i - 1].name.len - 1, tf[i - 1].name.data);
--- a/src/http/ngx_http_header_filter_module.c +++ b/src/http/ngx_http_header_filter_module.c @@ -445,7 +445,7 @@ ngx_http_header_filter(ngx_http_request_ b->last = ngx_copy(b->last, status_line->data, status_line->len); } else { - b->last = ngx_sprintf(b->last, "%ui", status); + b->last = ngx_sprintf(b->last, "%03ui", status); } *b->last++ = CR; *b->last++ = LF;