diff options
| author | Ruslan Ermilov <ru@nginx.com> | 2012-12-13 15:05:19 +0000 |
|---|---|---|
| committer | Ruslan Ermilov <ru@nginx.com> | 2012-12-13 15:05:19 +0000 |
| commit | ba290091cf2c369ae36c6c3845f770f85f1172e6 (patch) | |
| tree | e9ab602ead9bc74a47760533e85f2eaed97c789d /src | |
| parent | b3430993f1ededfd1aa5544abbf75064d8589566 (diff) | |
| download | nginx-ba290091cf2c369ae36c6c3845f770f85f1172e6.tar.gz nginx-ba290091cf2c369ae36c6c3845f770f85f1172e6.zip | |
Fixed variable syntax checking in "set", "geo", "limit_conn_zone",
and "perl_set" directives.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/modules/ngx_http_geo_module.c | 7 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_limit_conn_module.c | 4 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_rewrite_module.c | 2 | ||||
| -rw-r--r-- | src/http/modules/perl/ngx_http_perl_module.c | 2 |
4 files changed, 11 insertions, 4 deletions
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c index fce87a8cb..bdad969a1 100644 --- a/src/http/modules/ngx_http_geo_module.c +++ b/src/http/modules/ngx_http_geo_module.c @@ -322,6 +322,13 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } name = value[1]; + + if (name.len < 2 || name.data[0] != '$') { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid variable name \"%V\"", &name); + return NGX_CONF_ERROR; + } + name.len--; name.data++; diff --git a/src/http/modules/ngx_http_limit_conn_module.c b/src/http/modules/ngx_http_limit_conn_module.c index e82ca493d..4f9935579 100644 --- a/src/http/modules/ngx_http_limit_conn_module.c +++ b/src/http/modules/ngx_http_limit_conn_module.c @@ -540,7 +540,7 @@ ngx_http_limit_conn_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) continue; } - if (value[i].data[0] == '$') { + if (value[i].len > 1 && value[i].data[0] == '$') { value[i].len--; value[i].data++; @@ -613,7 +613,7 @@ ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) value = cf->args->elts; - if (value[2].data[0] != '$') { + if (value[2].len < 2 || value[2].data[0] != '$') { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid variable name \"%V\"", &value[2]); return NGX_CONF_ERROR; diff --git a/src/http/modules/ngx_http_rewrite_module.c b/src/http/modules/ngx_http_rewrite_module.c index 4081f8774..9df090c77 100644 --- a/src/http/modules/ngx_http_rewrite_module.c +++ b/src/http/modules/ngx_http_rewrite_module.c @@ -908,7 +908,7 @@ ngx_http_rewrite_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) value = cf->args->elts; - if (value[1].data[0] != '$') { + if (value[1].len < 2 || value[1].data[0] != '$') { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid variable name \"%V\"", &value[1]); return NGX_CONF_ERROR; diff --git a/src/http/modules/perl/ngx_http_perl_module.c b/src/http/modules/perl/ngx_http_perl_module.c index 90e32e80e..028b9f199 100644 --- a/src/http/modules/perl/ngx_http_perl_module.c +++ b/src/http/modules/perl/ngx_http_perl_module.c @@ -968,7 +968,7 @@ ngx_http_perl_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) value = cf->args->elts; - if (value[1].data[0] != '$') { + if (value[1].len < 2 || value[1].data[0] != '$') { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid variable name \"%V\"", &value[1]); return NGX_CONF_ERROR; |