git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 9739e75) | patch

author	Roman Arutyunyan <arut@nginx.com>
	Thu, 26 Feb 2026 07:52:53 +0000 (11:52 +0400)
committer	Roman Arutyunyan <arutyunyan.roman@gmail.com>
	Tue, 24 Mar 2026 14:46:08 +0000 (18:46 +0400)
commit	6f3145006b41a4ec464eed4093553a335d35e8ac
tree	70a4980776583d6e613e48d62dd8f8d901624212	tree \| snapshot
parent	9739e755b8dddba82e65ca2a08d079f4c9826b75	commit \| diff

Mail: host validation.

Now host name resolved from client address is validated to only contain
the characters specified in RFC 1034, Section 3.5. The validation allows
to avoid injections when using the resolved host name in auth_http and
smtp proxy.

Reported by Asim Viladi Oglu Manizada, Colin Warren,
Xiao Liu (Yunnan University), Yuan Tan (UC Riverside), and
Bird Liu (Lanzhou University).

src/mail/ngx_mail_smtp_handler.c

diff | blob | history

nginx upstream