diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2021-07-15 16:28:21 +0300 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2021-07-15 16:28:21 +0300 |
| commit | 161759443ccf0e800327af130a3c431789259fa4 (patch) | |
| tree | bb51b1f5264ee1a44fb93e8c0341d1470cd5f97b /src/http/ngx_http_request.c | |
| parent | 169b27a50b5e91184853bab96d9377b6f82d871c (diff) | |
| parent | 7384cd1f315c51cd9e3b304ea3a68d160a9ee700 (diff) | |
| download | nginx-161759443ccf0e800327af130a3c431789259fa4.tar.gz nginx-161759443ccf0e800327af130a3c431789259fa4.zip | |
Merged with the default branch.
Diffstat (limited to 'src/http/ngx_http_request.c')
| -rw-r--r-- | src/http/ngx_http_request.c | 47 |
1 files changed, 33 insertions, 14 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 1816c0360..a27d29368 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1273,7 +1273,7 @@ ngx_http_process_request_uri(ngx_http_request_t *r) r->unparsed_uri.len = r->uri_end - r->uri_start; r->unparsed_uri.data = r->uri_start; - r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1; + r->valid_unparsed_uri = r->empty_path_in_uri ? 0 : 1; if (r->uri_ext) { if (r->args_start) { @@ -1531,7 +1531,9 @@ ngx_http_process_request_headers(ngx_event_t *rev) /* rc == NGX_HTTP_PARSE_INVALID_HEADER */ ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid header line"); + "client sent invalid header line: \"%*s\\x%02xd...\"", + r->header_end - r->header_name_start, + r->header_name_start, *r->header_end); ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); break; @@ -1989,20 +1991,20 @@ ngx_http_process_request_header(ngx_http_request_t *r) } } - if (r->method == NGX_HTTP_TRACE) { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent TRACE method"); - ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED); - return NGX_ERROR; - } - if (r->headers_in.transfer_encoding) { if (r->headers_in.transfer_encoding->value.len == 7 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, (u_char *) "chunked", 7) == 0) { - r->headers_in.content_length = NULL; - r->headers_in.content_length_n = -1; + if (r->headers_in.content_length) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent \"Content-Length\" and " + "\"Transfer-Encoding\" headers " + "at the same time"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + r->headers_in.chunked = 1; } else { @@ -2022,6 +2024,20 @@ ngx_http_process_request_header(ngx_http_request_t *r) } } + if (r->method == NGX_HTTP_CONNECT) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent CONNECT method"); + ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED); + return NGX_ERROR; + } + + if (r->method == NGX_HTTP_TRACE) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent TRACE method"); + ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED); + return NGX_ERROR; + } + return NGX_OK; } @@ -2169,15 +2185,16 @@ ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool, ngx_uint_t alloc) } break; - case '\0': - return NGX_DECLINED; - default: if (ngx_path_separator(ch)) { return NGX_DECLINED; } + if (ch <= 0x20 || ch == 0x7f) { + return NGX_DECLINED; + } + if (ch >= 'A' && ch <= 'Z') { alloc = 1; } @@ -3429,6 +3446,8 @@ ngx_http_set_lingering_close(ngx_connection_t *c) if (c->ssl) { ngx_int_t rc; + c->ssl->shutdown_without_free = 1; + rc = ngx_ssl_shutdown(c); if (rc == NGX_ERROR) { |