diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2021-06-28 18:01:13 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2021-06-28 18:01:13 +0300 |
| commit | 05395f4889cf0b66e8d049921ad19f1a08319150 (patch) | |
| tree | cd8166ac14b8e8d5751abb46b9cb4d07160dc1d2 /src | |
| parent | fee09fc49d510de0078f9bc7fc18dc179cceb62b (diff) | |
| download | nginx-05395f4889cf0b66e8d049921ad19f1a08319150.tar.gz nginx-05395f4889cf0b66e8d049921ad19f1a08319150.zip | |
Disabled spaces in URIs (ticket #196).
From now on, requests with spaces in URIs are immediately rejected rather
than allowed. Spaces were allowed in 31e9677b15a1 (0.8.41) to handle bad
clients. It is believed that now this behaviour causes more harm than
good.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/modules/ngx_http_proxy_module.c | 4 | ||||
| -rw-r--r-- | src/http/ngx_http_parse.c | 72 | ||||
| -rw-r--r-- | src/http/ngx_http_request.c | 2 | ||||
| -rw-r--r-- | src/http/ngx_http_request.h | 3 |
4 files changed, 11 insertions, 70 deletions
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index 64190f1a0..d82f5ea21 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -1186,7 +1186,7 @@ ngx_http_proxy_create_key(ngx_http_request_t *r) loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0; - if (r->quoted_uri || r->space_in_uri || r->internal) { + if (r->quoted_uri || r->internal) { escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len, r->uri.len - loc_len, NGX_ESCAPE_URI); } else { @@ -1299,7 +1299,7 @@ ngx_http_proxy_create_request(ngx_http_request_t *r) loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0; - if (r->quoted_uri || r->space_in_uri || r->internal) { + if (r->quoted_uri || r->internal) { escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len, r->uri.len - loc_len, NGX_ESCAPE_URI); } diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index 71fa3c7a5..8297a132b 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -116,10 +116,8 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) sw_host_end, sw_host_ip_literal, sw_port, - sw_host_http_09, sw_after_slash_in_uri, sw_check_uri, - sw_check_uri_http_09, sw_uri, sw_http_09, sw_http_H, @@ -398,7 +396,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) */ r->uri_start = r->schema_end + 1; r->uri_end = r->schema_end + 2; - state = sw_host_http_09; + state = sw_http_09; break; default: return NGX_HTTP_PARSE_INVALID_REQUEST; @@ -472,35 +470,13 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) */ r->uri_start = r->schema_end + 1; r->uri_end = r->schema_end + 2; - state = sw_host_http_09; - break; - default: - return NGX_HTTP_PARSE_INVALID_REQUEST; - } - break; - - /* space+ after "http://host[:port] " */ - case sw_host_http_09: - switch (ch) { - case ' ': - break; - case CR: - r->http_minor = 9; - state = sw_almost_done; - break; - case LF: - r->http_minor = 9; - goto done; - case 'H': - r->http_protocol.data = p; - state = sw_http_H; + state = sw_http_09; break; default: return NGX_HTTP_PARSE_INVALID_REQUEST; } break; - /* check "/.", "//", "%", and "\" (Win32) in URI */ case sw_after_slash_in_uri: @@ -512,7 +488,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) switch (ch) { case ' ': r->uri_end = p; - state = sw_check_uri_http_09; + state = sw_http_09; break; case CR: r->uri_end = p; @@ -584,7 +560,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) break; case ' ': r->uri_end = p; - state = sw_check_uri_http_09; + state = sw_http_09; break; case CR: r->uri_end = p; @@ -621,31 +597,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) } break; - /* space+ after URI */ - case sw_check_uri_http_09: - switch (ch) { - case ' ': - break; - case CR: - r->http_minor = 9; - state = sw_almost_done; - break; - case LF: - r->http_minor = 9; - goto done; - case 'H': - r->http_protocol.data = p; - state = sw_http_H; - break; - default: - r->space_in_uri = 1; - state = sw_check_uri; - p--; - break; - } - break; - - /* URI */ case sw_uri: @@ -692,10 +643,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) state = sw_http_H; break; default: - r->space_in_uri = 1; - state = sw_uri; - p--; - break; + return NGX_HTTP_PARSE_INVALID_REQUEST; } break; @@ -1171,9 +1119,7 @@ ngx_http_parse_uri(ngx_http_request_t *r) switch (ch) { case ' ': - r->space_in_uri = 1; - state = sw_check_uri; - break; + return NGX_ERROR; case '.': r->complex_uri = 1; state = sw_uri; @@ -1232,8 +1178,7 @@ ngx_http_parse_uri(ngx_http_request_t *r) r->uri_ext = p + 1; break; case ' ': - r->space_in_uri = 1; - break; + return NGX_ERROR; #if (NGX_WIN32) case '\\': r->complex_uri = 1; @@ -1267,8 +1212,7 @@ ngx_http_parse_uri(ngx_http_request_t *r) switch (ch) { case ' ': - r->space_in_uri = 1; - break; + return NGX_ERROR; case '#': r->complex_uri = 1; break; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 2614b998c..7956610c4 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1264,7 +1264,7 @@ ngx_http_process_request_uri(ngx_http_request_t *r) r->unparsed_uri.len = r->uri_end - r->uri_start; r->unparsed_uri.data = r->uri_start; - r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1; + r->valid_unparsed_uri = r->empty_path_in_uri ? 0 : 1; if (r->uri_ext) { if (r->args_start) { diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h index fa4d5f99f..63576274e 100644 --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -468,9 +468,6 @@ struct ngx_http_request_s { /* URI with "+" */ unsigned plus_in_uri:1; - /* URI with " " */ - unsigned space_in_uri:1; - /* URI with empty path */ unsigned empty_path_in_uri:1; |