Mercurial > hg > nginx

changeset 7752:8989fbd2f89a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed parsing of absolute URIs with empty path (ticket #2079). When the request line contains request-target in the absolute-URI form, it can contain path-empty instead of a single slash (see RFC 7230, RFC 3986). Previously, the ngx_http_parse_request_line() function only accepted empty path when there was no query string. With this change, non-empty query is also correctly handled. That is, request line "GET http://example.com?foo HTTP/1.1" is accepted and results in $uri "/" and $args "foo". Note that $request_uri remains "?foo", similarly to how spaces in URIs are handled. Providing "/?foo", similarly to how "/" is provided for "GET http://example.com HTTP/1.1", requires allocation.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 10 Dec 2020 20:09:30 +0300
parents 7efae6b4cfb0
children 2fec22332ff4
files src/http/ngx_http_parse.c src/http/ngx_http_request.c src/http/ngx_http_request.h
diffstat 3 files changed, 26 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -380,6 +380,12 @@ ngx_http_parse_request_line(ngx_http_req
                 r->uri_start = p;
                 state = sw_after_slash_in_uri;
                 break;
+            case '?':
+                r->uri_start = p;
+                r->args_start = p + 1;
+                r->empty_path_in_uri = 1;
+                state = sw_uri;
+                break;
             case ' ':
                 /*
                  * use single "/" from request line to preserve pointers,
@@ -446,6 +452,13 @@ ngx_http_parse_request_line(ngx_http_req
                 r->uri_start = p;
                 state = sw_after_slash_in_uri;
                 break;
+            case '?':
+                r->port_end = p;
+                r->uri_start = p;
+                r->args_start = p + 1;
+                r->empty_path_in_uri = 1;
+                state = sw_uri;
+                break;
             case ' ':
                 r->port_end = p;
                 /*
@@ -1287,6 +1300,10 @@ ngx_http_parse_complex_uri(ngx_http_requ
     r->uri_ext = NULL;
     r->args_start = NULL;
 
+    if (r->empty_path_in_uri) {
+        *u++ = '/';
+    }
+
     ch = *p++;
 
     while (p <= r->uri_end) {
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1224,7 +1224,11 @@ ngx_http_process_request_uri(ngx_http_re
         r->uri.len = r->uri_end - r->uri_start;
     }
 
-    if (r->complex_uri || r->quoted_uri) {
+    if (r->complex_uri || r->quoted_uri || r->empty_path_in_uri) {
+
+        if (r->empty_path_in_uri) {
+            r->uri.len++;
+        }
 
         r->uri.data = ngx_pnalloc(r->pool, r->uri.len + 1);
         if (r->uri.data == NULL) {
@@ -1250,7 +1254,7 @@ ngx_http_process_request_uri(ngx_http_re
     r->unparsed_uri.len = r->uri_end - r->uri_start;
     r->unparsed_uri.data = r->uri_start;
 
-    r->valid_unparsed_uri = r->space_in_uri ? 0 : 1;
+    r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
 
     if (r->uri_ext) {
         if (r->args_start) {
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -470,6 +470,9 @@ struct ngx_http_request_s {
     /* URI with " " */
     unsigned                          space_in_uri:1;
 
+    /* URI with empty path */
+    unsigned                          empty_path_in_uri:1;
+
     unsigned                          invalid_header:1;
 
     unsigned                          add_uri_to_alias:1;