]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 75c1903)
nginx-0.3.9-RELEASE import release-0.3.9
authorIgor Sysoev <igor@sysoev.ru>
Thu, 10 Nov 2005 07:44:53 +0000 (07:44 +0000)
committerIgor Sysoev <igor@sysoev.ru>
Thu, 10 Nov 2005 07:44:53 +0000 (07:44 +0000)
    *) Bugfix: nginx considered URI as unsafe if two any symbols was
       between two slashes; the bug had appeared in 0.3.8.

docs/xml/nginx/changes.xml patch | blob | history
src/core/nginx.h patch | blob | history
src/http/ngx_http_parse.c patch | blob | history

diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
index dfac2a065a1a1bb6710d67f4a8bc67e265e55f40..4402afc04883fe1d5238fd62f4209fd824ecc111 100644 (file)
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -9,6 +9,23 @@
 <title lang="en">nginx changelog</title>
 
 
+<changes ver="0.3.9" date="10.11.2005">
+
+<change type="bugfix">
+<para lang="ru">
+nginx ÓÞÉÔÁÌ ÎÅÂÅÚÏÐÁÓÎÙÍÉ URI, × ËÏÔÏÒÙÈ ÍÅÖÄÕ Ä×ÕÍÑ ÓÌÜÛÁÍÉ
+ÎÁÈÏÄÉÌÏÓØ Ä×Á ÌÀÂÙÈ ÓÉÍ×ÏÌÁ;
+ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 0.3.8.
+</para>
+<para lang="en">
+nginx considered URI as unsafe if two any symbols was between two slashes;
+bug appeared in 0.3.8.
+</para>
+</change>
+
+</changes>
+
+
 <changes ver="0.3.8" date="09.11.2005">
 
 <change type="security">
@@ -119,7 +136,7 @@ and temporary files with client requests in open state.
 
 <change type="bugfix">
 <para lang="ru">
-ÒÁÂÏÞÉÅ ÐÒÏÃÅÓÓÙ ÎÅ ÓÂÒÁÓÙ×ÁÌ ÂÕÆÅÒÉÚÉÒÏ×ÁÎÎÙÅ ÌÏÇÉ ÐÒÉ ÐÌÁ×ÎÏÍ ×ÙÈÏÄÅ.
+ÒÁÂÏÞÉÅ ÐÒÏÃÅÓÓÙ ÎÅ ÓÂÒÁÓÙ×ÁÌÉ ÂÕÆÅÒÉÚÉÒÏ×ÁÎÎÙÅ ÌÏÇÉ ÐÒÉ ÐÌÁ×ÎÏÍ ×ÙÈÏÄÅ.
 </para>
 <para lang="en">
 the worker processes did not flush the buffered logs on graceful exit.
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 966d405b07fa38a5c8225d09edbe0641008523f6..c498e0719bf8e3e46797ebf52fe5110003456a7c 100644 (file)
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -8,7 +8,7 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define NGINX_VER          "nginx/0.3.8"
+#define NGINX_VER          "nginx/0.3.9"
 
 #define NGINX_VAR          "NGINX"
 #define NGX_OLDPID_EXT     ".oldbin"
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 0001286c6c79e91676ca4cb0f0b4d9078e6c241a..b2e2f9e3fdbfa534abc527178b78c50bd7d72f5f 100644 (file)
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1056,7 +1056,7 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
 
             /* detect "/../" */
 
-            if (p[2] == '/') {
+            if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
                 goto unsafe;
             }
 
@@ -1070,7 +1070,9 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
 
                 /* detect "/.../" */
 
-                if (p[3] == '/' || p[3] == '\\') {
+                if (p[0] == '.' && p[1] == '.' && p[2] == '.'
+                    && (p[3] == '/' || p[3] == '\\'))
+                {
                     goto unsafe;
                 }
             }
nginx upstream