Mercurial > hg > nginx
view auto/summary @ 4664:356c91151658 stable-1.2
Merge of r4618: rewrite escaping fix (ticket #162).
The following code resulted in incorrect escaping of uri and possible
segfault:
location / {
rewrite ^(.*) $1?c=$1;
return 200 "$uri";
}
If there were arguments in a rewrite's replacement string, and length was
actually calculated (due to duplicate captures as in the example above,
or variables present), the is_args flag was set and incorrectly copied
after length calculation. This resulted in escaping applied to the uri part
of the replacement, resulting in incorrect escaping. Additionally, buffer
was allocated without escaping expected, thus this also resulted in buffer
overrun and possible segfault.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 04 Jun 2012 11:07:19 +0000 |
parents | d620f497c50f |
children | 83d54192e97b |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. ### STUB if [ $USE_THREADS != NO ]; then cat << END $0: error: the threads support is broken now. END exit 1 fi ### echo echo "Configuration summary" #case $USE_THREADS in # rfork) echo " + using rfork()ed threads" ;; # pthreads) echo " + using libpthread threads library" ;; # libthr) echo " + using FreeBSD libthr threads library" ;; # libc_r) echo " + using FreeBSD libc_r threads library" ;; # linuxthreads) echo " + using FreeBSD LinuxThreads port library" ;; # NO) echo " + threads are not used" ;; # *) echo " + using lib$USE_THREADS threads library" ;; #esac if [ $USE_PCRE = DISABLED ]; then echo " + PCRE library is disabled" else case $PCRE in YES) echo " + using system PCRE library" ;; NONE) echo " + PCRE library is not used" ;; *) echo " + using PCRE library: $PCRE" ;; esac fi case $OPENSSL in YES) echo " + using system OpenSSL library" ;; NONE) echo " + OpenSSL library is not used" ;; *) echo " + using OpenSSL library: $OPENSSL" ;; esac case $MD5 in YES) echo " + md5: using $MD5_LIB library" ;; NONE) echo " + md5 library is not used" ;; NO) echo " + using builtin md5 code" ;; *) echo " + using md5 library: $MD5" ;; esac case $SHA1 in YES) echo " + sha1: using $SHA1_LIB library" ;; NONE) echo " + sha1 library is not used" ;; NO) echo " + sha1 library is not found" ;; *) echo " + using sha1 library: $SHA1" ;; esac case $ZLIB in YES) echo " + using system zlib library" ;; NONE) echo " + zlib library is not used" ;; *) echo " + using zlib library: $ZLIB" ;; esac case $NGX_LIBATOMIC in YES) echo " + using system libatomic_ops library" ;; NO) ;; # not used *) echo " + using libatomic_ops library: $NGX_LIBATOMIC" ;; esac echo cat << END nginx path prefix: "$NGX_PREFIX" nginx binary file: "$NGX_SBIN_PATH" nginx configuration prefix: "$NGX_CONF_PREFIX" nginx configuration file: "$NGX_CONF_PATH" nginx pid file: "$NGX_PID_PATH" END if test -n "$NGX_ERROR_LOG_PATH"; then echo " nginx error log file: \"$NGX_ERROR_LOG_PATH\"" else echo " nginx logs errors to stderr" fi cat << END nginx http access log file: "$NGX_HTTP_LOG_PATH" nginx http client request body temporary files: "$NGX_HTTP_CLIENT_TEMP_PATH" END if [ $HTTP_PROXY = YES ]; then echo " nginx http proxy temporary files: \"$NGX_HTTP_PROXY_TEMP_PATH\"" fi if [ $HTTP_FASTCGI = YES ]; then echo " nginx http fastcgi temporary files: \"$NGX_HTTP_FASTCGI_TEMP_PATH\"" fi if [ $HTTP_UWSGI = YES ]; then echo " nginx http uwsgi temporary files: \"$NGX_HTTP_UWSGI_TEMP_PATH\"" fi if [ $HTTP_SCGI = YES ]; then echo " nginx http scgi temporary files: \"$NGX_HTTP_SCGI_TEMP_PATH\"" fi echo "$NGX_POST_CONF_MSG"