diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2021-06-28 18:01:13 +0300 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2021-06-28 18:01:13 +0300 |
commit | 05395f4889cf0b66e8d049921ad19f1a08319150 (patch) | |
tree | cd8166ac14b8e8d5751abb46b9cb4d07160dc1d2 /src/http/ngx_http_parse.c | |
parent | fee09fc49d510de0078f9bc7fc18dc179cceb62b (diff) | |
download | nginx-05395f4889cf0b66e8d049921ad19f1a08319150.tar.gz nginx-05395f4889cf0b66e8d049921ad19f1a08319150.zip |
Disabled spaces in URIs (ticket #196).
From now on, requests with spaces in URIs are immediately rejected rather
than allowed. Spaces were allowed in 31e9677b15a1 (0.8.41) to handle bad
clients. It is believed that now this behaviour causes more harm than
good.
Diffstat (limited to 'src/http/ngx_http_parse.c')
-rw-r--r-- | src/http/ngx_http_parse.c | 72 |
1 files changed, 8 insertions, 64 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index 71fa3c7a5..8297a132b 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -116,10 +116,8 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) sw_host_end, sw_host_ip_literal, sw_port, - sw_host_http_09, sw_after_slash_in_uri, sw_check_uri, - sw_check_uri_http_09, sw_uri, sw_http_09, sw_http_H, @@ -398,7 +396,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) */ r->uri_start = r->schema_end + 1; r->uri_end = r->schema_end + 2; - state = sw_host_http_09; + state = sw_http_09; break; default: return NGX_HTTP_PARSE_INVALID_REQUEST; @@ -472,35 +470,13 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) */ r->uri_start = r->schema_end + 1; r->uri_end = r->schema_end + 2; - state = sw_host_http_09; - break; - default: - return NGX_HTTP_PARSE_INVALID_REQUEST; - } - break; - - /* space+ after "http://host[:port] " */ - case sw_host_http_09: - switch (ch) { - case ' ': - break; - case CR: - r->http_minor = 9; - state = sw_almost_done; - break; - case LF: - r->http_minor = 9; - goto done; - case 'H': - r->http_protocol.data = p; - state = sw_http_H; + state = sw_http_09; break; default: return NGX_HTTP_PARSE_INVALID_REQUEST; } break; - /* check "/.", "//", "%", and "\" (Win32) in URI */ case sw_after_slash_in_uri: @@ -512,7 +488,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) switch (ch) { case ' ': r->uri_end = p; - state = sw_check_uri_http_09; + state = sw_http_09; break; case CR: r->uri_end = p; @@ -584,7 +560,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) break; case ' ': r->uri_end = p; - state = sw_check_uri_http_09; + state = sw_http_09; break; case CR: r->uri_end = p; @@ -621,31 +597,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) } break; - /* space+ after URI */ - case sw_check_uri_http_09: - switch (ch) { - case ' ': - break; - case CR: - r->http_minor = 9; - state = sw_almost_done; - break; - case LF: - r->http_minor = 9; - goto done; - case 'H': - r->http_protocol.data = p; - state = sw_http_H; - break; - default: - r->space_in_uri = 1; - state = sw_check_uri; - p--; - break; - } - break; - - /* URI */ case sw_uri: @@ -692,10 +643,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) state = sw_http_H; break; default: - r->space_in_uri = 1; - state = sw_uri; - p--; - break; + return NGX_HTTP_PARSE_INVALID_REQUEST; } break; @@ -1171,9 +1119,7 @@ ngx_http_parse_uri(ngx_http_request_t *r) switch (ch) { case ' ': - r->space_in_uri = 1; - state = sw_check_uri; - break; + return NGX_ERROR; case '.': r->complex_uri = 1; state = sw_uri; @@ -1232,8 +1178,7 @@ ngx_http_parse_uri(ngx_http_request_t *r) r->uri_ext = p + 1; break; case ' ': - r->space_in_uri = 1; - break; + return NGX_ERROR; #if (NGX_WIN32) case '\\': r->complex_uri = 1; @@ -1267,8 +1212,7 @@ ngx_http_parse_uri(ngx_http_request_t *r) switch (ch) { case ' ': - r->space_in_uri = 1; - break; + return NGX_ERROR; case '#': r->complex_uri = 1; break; |