authorIgor Sysoev <igor@sysoev.ru>2005-11-10 07:44:53 +0000
committerIgor Sysoev <igor@sysoev.ru>2005-11-10 07:44:53 +0000
commit3fc6f64bd297de220faab0f0c7abe8b67e1b870f (patch)
tree8fdface7f137ed5c2fe4f7a090b0db63fa1d9c3b /src/http/ngx_http_parse.c
parent75c1903fbf831515eb8fc7c612edee564f915f9c (diff)
nginx-0.3.9-RELEASE importrelease-0.3.9
*) Bugfix: nginx considered a URI unsafe if any two symbols were between two slashes; the bug had appeared in 0.3.8.
Diffstat (limited to 'src/http/ngx_http_parse.c')
-rw-r--r--src/http/ngx_http_parse.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 0001286c6..b2e2f9e3f 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1056,7 +1056,7 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
/* detect "/../" */
- if (p[2] == '/') {
+ if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
goto unsafe;
}
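Review bot: The tightened `/../` test still requires a closing `/` in `p[2]`, so a URI that ends in `/..` with nothing after it is not matched by this condition, and unlike the `/.../` test in the next hunk it does not accept a backslash as the closing separator. Both cases may be handled outside the hunk, which shows only part of ngx_http_parse_unsafe_uri. If they are not, the condition could read `if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\\')) {` on platforms where backslash separates path components, with an end-of-input case tied to the surrounding length guard. Since both hunks now read `p[0]` through `p[2]` or `p[3]`, a comment such as `/* requires at least three bytes after the slash; guaranteed by the enclosing length check */` would make the bounds assumption explicit.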
@@ -1070,7 +1070,9 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
/* detect "/.../" */
- if (p[3] == '/' || p[3] == '\\') {
+ if (p[0] == '.' && p[1] == '.' && p[2] == '.'
+ && (p[3] == '/' || p[3] == '\\'))
+ {
goto unsafe;
}
}
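Review bot: The comment above the new condition says only `/.../`, but the test also treats a backslash in `p[3]` as the terminator, so the comment understates what is rejected. It would be clearer as `/* detect "/.../" and "/...\" */`. The code also does not say why a three-dot component counts as unsafe; a short why-comment would help, for example `/* "..." may resolve to an ancestor directory on some file systems - confirm */`, once the intended platform behaviour is confirmed. The enclosing block starts outside the hunk, so whether this check is compiled on every platform cannot be seen here.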