nginx changeset 5490:b141a7627ac6
Detect more unsafe URIs in ngx_http_parse_unsafe_uri().
The following URIs were considered safe: "..", "../foo", and "/foo/..".
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Mon, 23 Dec 2013 18:11:56 +0400 |
| parents | 6d357b2a9d6e |
| children | 74bfa803a5aa |
| files | src/http/ngx_http_parse.c |
| diffstat | 1 files changed, 7 insertions(+), 3 deletions(-) |
--- a/src/http/ngx_http_parse.c Mon Dec 23 18:11:46 2013 +0400 +++ b/src/http/ngx_http_parse.c Mon Dec 23 18:11:56 2013 +0400 @@ -1790,7 +1790,9 @@ goto unsafe; } - if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) { + if (p[0] == '.' && len > 1 && p[1] == '.' + && (len == 2 || ngx_path_separator(p[2]))) + { goto unsafe; } @@ -1816,9 +1818,11 @@ if (ngx_path_separator(ch) && len > 2) { - /* detect "/../" */ + /* detect "/../" and "/.." */ - if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) { + if (p[0] == '.' && p[1] == '.' + && (len == 3 || ngx_path_separator(p[2]))) + { goto unsafe; } }
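Review bot: in the first hunk (around line 1790) the only thing that keeps `p[2]` in bounds is the evaluation order of the new condition: `len > 1` must be tested before `p[1]`, and `len == 2 ||` must come before `ngx_path_separator(p[2])`, so that `p[2]` is read only when at least three bytes are present. That ordering is the bounds check, and nothing in the code says so; a one-line comment would stop a later edit from reordering the terms. The second hunk updates its comment to `/* detect "/../" and "/.." */`, but this hunk has no comment naming what it now detects (a leading ".." or "../"); adding `/* detect ".." and "../" */` above the `if` would keep the two sites symmetric. Note that a leading "..foo" still passes, because `p[2]` must be a path separator, which matches the intent in the commit message.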
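Review bot: in the second hunk (around line 1818) the `len == 3` alternative is what makes the trailing "/.." case safe to test: under the enclosing `len > 2` guard, `len == 3` means exactly two bytes follow the separator, so `p[2]` is read only when more remain, and the `len == 3` test must stay ahead of the `ngx_path_separator(p[2])` call. Either a comment stating that invariant or an explicit `len > 3 && ngx_path_separator(p[2])` would make it visible to the next reader. No tests accompany the change; the three URIs named in the commit message ("..", "../foo", "/foo/..") together with near-misses that must remain safe under the new conditions ("..foo", "/foo/..bar") would make a useful regression set.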