]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b343099)
Fixed variable syntax checking in "set", "geo", "limit_conn_zone",
authorRuslan Ermilov <ru@nginx.com>
Thu, 13 Dec 2012 15:05:19 +0000 (15:05 +0000)
committerRuslan Ermilov <ru@nginx.com>
Thu, 13 Dec 2012 15:05:19 +0000 (15:05 +0000)
and "perl_set" directives.

src/http/modules/ngx_http_geo_module.c patch | blob | history
src/http/modules/ngx_http_limit_conn_module.c patch | blob | history
src/http/modules/ngx_http_rewrite_module.c patch | blob | history
src/http/modules/perl/ngx_http_perl_module.c patch | blob | history

diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
index fce87a8cb46bd558ee8b034a422aa3854adc2b45..bdad969a1b85dcf35401c7adb3239d77bd7bed07 100644 (file)
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -322,6 +322,13 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     }
 
     name = value[1];
+
+    if (name.len < 2 || name.data[0] != '$') {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"%V\"", &name);
+        return NGX_CONF_ERROR;
+    }
+
     name.len--;
     name.data++;
 
diff --git a/src/http/modules/ngx_http_limit_conn_module.c b/src/http/modules/ngx_http_limit_conn_module.c
index e82ca493dab30ee967d5019e793db0444523f23b..4f993557950093577bd3f343e822454f30faf718 100644 (file)
--- a/src/http/modules/ngx_http_limit_conn_module.c
+++ b/src/http/modules/ngx_http_limit_conn_module.c
@@ -540,7 +540,7 @@ ngx_http_limit_conn_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
             continue;
         }
 
-        if (value[i].data[0] == '$') {
+        if (value[i].len > 1 && value[i].data[0] == '$') {
 
             value[i].len--;
             value[i].data++;
@@ -613,7 +613,7 @@ ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     value = cf->args->elts;
 
-    if (value[2].data[0] != '$') {
+    if (value[2].len < 2 || value[2].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[2]);
         return NGX_CONF_ERROR;
diff --git a/src/http/modules/ngx_http_rewrite_module.c b/src/http/modules/ngx_http_rewrite_module.c
index 4081f87743343c775c9901e522d27553bd76a4cb..9df090c77a4662ccce9c51561c5a0f71988c21d3 100644 (file)
--- a/src/http/modules/ngx_http_rewrite_module.c
+++ b/src/http/modules/ngx_http_rewrite_module.c
@@ -908,7 +908,7 @@ ngx_http_rewrite_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     value = cf->args->elts;
 
-    if (value[1].data[0] != '$') {
+    if (value[1].len < 2 || value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;
diff --git a/src/http/modules/perl/ngx_http_perl_module.c b/src/http/modules/perl/ngx_http_perl_module.c
index 90e32e80efa5295bd4460292d82b564e9f399059..028b9f1999a69a3db5b15268eef37801b5233002 100644 (file)
--- a/src/http/modules/perl/ngx_http_perl_module.c
+++ b/src/http/modules/perl/ngx_http_perl_module.c
@@ -968,7 +968,7 @@ ngx_http_perl_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     value = cf->args->elts;
 
-    if (value[1].data[0] != '$') {
+    if (value[1].len < 2 || value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;
nginx upstream