changeset 575:fcd6fc7ff7f9 release-0.3.9
nginx-0.3.9-RELEASE import
*) Bugfix: nginx considered URI as unsafe if any two symbols were
between two slashes; the bug had appeared in 0.3.8.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 10 Nov 2005 07:44:53 +0000 |
parents | 206160abe62e |
children | 3e0b61c26426 |
files | docs/xml/nginx/changes.xml src/core/nginx.h src/http/ngx_http_parse.c |
diffstat | 3 files changed, 23 insertions(+), 4 deletions(-) |
--- a/docs/xml/nginx/changes.xml Wed Nov 09 17:25:55 2005 +0000 +++ b/docs/xml/nginx/changes.xml Thu Nov 10 07:44:53 2005 +0000 @@ -9,6 +9,23 @@ <title lang="en">nginx changelog</title> +<changes ver="0.3.9" date="10.11.2005"> + +<change type="bugfix"> +<para lang="ru"> +nginx считал небезопасными URI, в которых между двумя слэшами +находилось два любых символа; +ошибка появилась в 0.3.8. +</para> +<para lang="en"> +nginx considered URI as unsafe if two any symbols was between two slashes; +bug appeared in 0.3.8. +</para> +</change> + +</changes> + + <changes ver="0.3.8" date="09.11.2005"> <change type="security"> @@ -119,7 +136,7 @@ <change type="bugfix"> <para lang="ru"> -рабочие процессы не сбрасывал буферизированные логи при плавном выходе. +рабочие процессы не сбрасывали буферизированные логи при плавном выходе. </para> <para lang="en"> the worker processes did not flush the buffered logs on graceful exit.
--- a/src/core/nginx.h Wed Nov 09 17:25:55 2005 +0000 +++ b/src/core/nginx.h Thu Nov 10 07:44:53 2005 +0000 @@ -8,7 +8,7 @@ #define _NGINX_H_INCLUDED_ -#define NGINX_VER "nginx/0.3.8" +#define NGINX_VER "nginx/0.3.9" #define NGINX_VAR "NGINX" #define NGX_OLDPID_EXT ".oldbin"
--- a/src/http/ngx_http_parse.c Wed Nov 09 17:25:55 2005 +0000 +++ b/src/http/ngx_http_parse.c Thu Nov 10 07:44:53 2005 +0000 @@ -1056,7 +1056,7 @@ /* detect "/../" */ - if (p[2] == '/') { + if (p[0] == '.' && p[1] == '.' && p[2] == '/') { goto unsafe; } @@ -1070,7 +1070,9 @@ /* detect "/.../" */ - if (p[3] == '/' || p[3] == '\\') { + if (p[0] == '.' && p[1] == '.' && p[2] == '.' + && (p[3] == '/' || p[3] == '\\')) + { goto unsafe; } }
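Review bot: the English para of the new 0.3.9 entry in docs/xml/nginx/changes.xml (hunk @@ -9,6 +9,23) is ungrammatical: "two any symbols was between two slashes". Suggest "any two characters were between two slashes", and "the bug had appeared in 0.3.8" so the sentence reads as a complete clause.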
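Review bot: in the "/../" check in src/http/ngx_http_parse.c (hunk @@ -1056), the terminator test is still only `p[2] == '/'`, while the "/.../" check in the next hunk accepts `'/'` or `'\\'`. If the unchanged lines between the two hunks contain a separate backslash test on `p[2]`, it needs the same `p[0] == '.' && p[1] == '.'` comparison added here, otherwise it keeps the 0.3.8 behaviour of flagging any two characters followed by a backslash. If there is no such test, a one-line comment on why backslash is handled for three dots but not for two would help the next reader.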
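Review bot: no regression test accompanies the rewritten "/.../" condition in src/http/ngx_http_parse.c (hunk @@ -1070) or the "/../" condition above it, although the check regressed within one release (introduced in 0.3.8, fixed here). Suggest adding cases that pin both directions: a URI with two or three ordinary characters between slashes must be accepted, and "/../" and "/.../" must still reach `goto unsafe`. Also worth confirming that the enclosing length guard, which is outside the visible context, guarantees `p[3]` is readable before this condition is evaluated.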