From 3fc6f64bd297de220faab0f0c7abe8b67e1b870f Mon Sep 17 00:00:00 2001
From: Igor Sysoev <igor@sysoev.ru>
Date: Thu, 10 Nov 2005 07:44:53 +0000
Subject: nginx-0.3.9-RELEASE import

    *) Bugfix: nginx considered URI as unsafe if two any symbols was
       between two slashes; the bug had appeared in 0.3.8.
---
 src/http/ngx_http_parse.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/http')

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 0001286c6..b2e2f9e3f 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1056,7 +1056,7 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
 
             /* detect "/../" */
 
-            if (p[2] == '/') {
+            if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
                 goto unsafe;
             }
 
@@ -1070,7 +1070,9 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
 
                 /* detect "/.../" */
 
-                if (p[3] == '/' || p[3] == '\\') {
+                if (p[0] == '.' && p[1] == '.' && p[2] == '.'
+                    && (p[3] == '/' || p[3] == '\\'))
+                {
                     goto unsafe;
                 }
             }
-- 
cgit