| author | Maxim Dounin <mdounin@mdounin.ru> | 2012-06-05 13:52:37 +0000 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2012-06-05 13:52:37 +0000 |
| commit | b683a855ae3129c4374a13f4f0d3570e5d6a0ddb (patch) | |
| tree | e65edfc703855ca82cd347e383fb6c9cf30b8d9d /src/http/ngx_http_parse.c | |
| parent | 4624fd5d195753c21a4859925925c9523e8b981c (diff) | |
| download | nginx-b683a855ae3129c4374a13f4f0d3570e5d6a0ddb.tar.gz nginx-b683a855ae3129c4374a13f4f0d3570e5d6a0ddb.tar.bz2 | |
Merge of r4674, r4675, r4676: win32 fixes.
*) Win32: disallowed access to various non-canonical name variants.
This includes trailing dots and spaces, NTFS streams (and short names, as
previously checked). The checks are now also done in ngx_file_info(), thus
allowing to use the "try_files" directive to protect external scripts.
*) Win32: normalization of trailing dot inside uri.
Windows treats "/directory./" identical to "/directory/". Do the same
when working on Windows. Note that the behaviour is different from one
with last path component (where multiple spaces and dots are ignored by
Windows).
*) Win32: uris with ":$" are now rejected.
There are too many problems with special NTFS streams, notably "::$data",
"::$index_allocation" and ":$i30:$index_allocation".
For now we don't reject all URIs with ":" like Apache does as there are no
good reasons seen yet, and there are multiple programs using it in URLs
(e.g. MediaWiki).
Diffstat (limited to '')
| -rw-r--r-- | src/http/ngx_http_parse.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 0a10a340e..be750edd0 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -543,6 +543,13 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
 switch (ch) {
 case '/':
+#if (NGX_WIN32)
+ if (r->uri_ext == p) {
+ r->complex_uri = 1;
+ state = sw_uri;
+ break;
+ }
+#endif
 r->uri_ext = NULL;
 state = sw_after_slash_in_uri;
 break;
@@ -1117,6 +1124,12 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
 switch(ch) {
 #if (NGX_WIN32)
 case '\\':
+ if (u - 2 >= r->uri.data
+ && *(u - 1) == '.' && *(u - 2) != '.')
+ {
+ u--;
+ }
+
 r->uri_ext = NULL;
 if (p == r->uri_start + r->uri.len) {
@@ -1134,6 +1147,13 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
 break;
 #endif
 case '/':
+#if (NGX_WIN32)
+ if (u - 2 >= r->uri.data
+ && *(u - 1) == '.' && *(u - 2) != '.')
+ {
+ u--;
+ }
+#endif
 r->uri_ext = NULL;
 state = sw_slash;
 *u++ = ch; |
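Review bot: The Win32 branch added under `case '/':` in ngx_http_parse_request_line() uses `r->uri_ext == p` as its trailing-dot test, and nothing in the hunk says why that comparison means "the previous character was a dot". The assignment of uri_ext is outside the hunk; presumably it is set to the byte after a "." when one is seen, which is what makes the comparison work. I would add a comment above the `if`, for example `/* "." right before "/": mark the URI complex so ngx_http_parse_complex_uri() drops the trailing dot */`. Without it the link between this fast-path parser and the normalization done in the other two hunks is easy to break in a later edit, and a missed case here means a non-canonical name reaches the filesystem unnormalized.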
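Review bot: In the `case '\\':` branch of ngx_http_parse_complex_uri() the bounds test `u - 2 >= r->uri.data` computes `u - 2` before it is known to lie inside the buffer. When u is less than two bytes past r->uri.data, forming that pointer is already undefined behaviour in C, and a compiler is allowed to treat the comparison as always true. Comparing the distance instead keeps the check well defined: `if (u - r->uri.data >= 2 && *(u - 1) == '.' && *(u - 2) != '.')`. The identical condition is repeated in the `case '/':` hunk at -1134 and should change with it; a one-line comment that Windows treats "/directory./" as "/directory/" would explain both copies. Both switch bodies continue outside the hunks, so how close u can actually be to the start of the buffer at these points is not visible here.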
