Disabled spaces in URIs (ticket #196).

author Maxim Dounin <mdounin@mdounin.ru>

Mon, 28 Jun 2021 15:01:13 +0000 (18:01 +0300)

committer Maxim Dounin <mdounin@mdounin.ru>

Mon, 28 Jun 2021 15:01:13 +0000 (18:01 +0300)
author Maxim Dounin <mdounin@mdounin.ru>
Mon, 28 Jun 2021 15:01:13 +0000 (18:01 +0300)
committer Maxim Dounin <mdounin@mdounin.ru>
Mon, 28 Jun 2021 15:01:13 +0000 (18:01 +0300)
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c

index 64190f1a01a44cb4ebcbc5db20f34ef504110a4b..d82f5ea21b02c493789a78b4104daa64d8f7f8b0 100644 (file)
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -1186,7 +1186,7 @@ ngx_http_proxy_create_key(ngx_http_request_t *r)
  
      loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0;
  
-    if (r->quoted_uri || r->space_in_uri || r->internal) {
+    if (r->quoted_uri || r->internal) {
          escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
                                      r->uri.len - loc_len, NGX_ESCAPE_URI);
      } else {
@@ -1299,7 +1299,7 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
          loc_len = (r->valid_location && ctx->vars.uri.len) ?
                        plcf->location.len : 0;
  
-        if (r->quoted_uri || r->space_in_uri || r->internal) {
+        if (r->quoted_uri || r->internal) {
              escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
                                          r->uri.len - loc_len, NGX_ESCAPE_URI);
          }
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c

index 71fa3c7a5cc4c6642ddc1e9521ca3e1d0c7e0c6f..8297a132ba63c231497d7045b35eda41959d58b5 100644 (file)
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -116,10 +116,8 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
          sw_host_end,
          sw_host_ip_literal,
          sw_port,
-        sw_host_http_09,
          sw_after_slash_in_uri,
          sw_check_uri,
-        sw_check_uri_http_09,
          sw_uri,
          sw_http_09,
          sw_http_H,
@@ -398,7 +396,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                   */
                  r->uri_start = r->schema_end + 1;
                  r->uri_end = r->schema_end + 2;
-                state = sw_host_http_09;
+                state = sw_http_09;
                  break;
              default:
                  return NGX_HTTP_PARSE_INVALID_REQUEST;
@@ -472,35 +470,13 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                   */
                  r->uri_start = r->schema_end + 1;
                  r->uri_end = r->schema_end + 2;
-                state = sw_host_http_09;
-                break;
-            default:
-                return NGX_HTTP_PARSE_INVALID_REQUEST;
-            }
-            break;
-
-        /* space+ after "http://host[:port] " */
-        case sw_host_http_09:
-            switch (ch) {
-            case ' ':
-                break;
-            case CR:
-                r->http_minor = 9;
-                state = sw_almost_done;
-                break;
-            case LF:
-                r->http_minor = 9;
-                goto done;
-            case 'H':
-                r->http_protocol.data = p;
-                state = sw_http_H;
+                state = sw_http_09;
                  break;
              default:
                  return NGX_HTTP_PARSE_INVALID_REQUEST;
              }
              break;
  
-
          /* check "/.", "//", "%", and "\" (Win32) in URI */
          case sw_after_slash_in_uri:
  
@@ -512,7 +488,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
              switch (ch) {
              case ' ':
                  r->uri_end = p;
-                state = sw_check_uri_http_09;
+                state = sw_http_09;
                  break;
              case CR:
                  r->uri_end = p;
@@ -584,7 +560,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                  break;
              case ' ':
                  r->uri_end = p;
-                state = sw_check_uri_http_09;
+                state = sw_http_09;
                  break;
              case CR:
                  r->uri_end = p;
@@ -621,31 +597,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
              }
              break;
  
-        /* space+ after URI */
-        case sw_check_uri_http_09:
-            switch (ch) {
-            case ' ':
-                break;
-            case CR:
-                r->http_minor = 9;
-                state = sw_almost_done;
-                break;
-            case LF:
-                r->http_minor = 9;
-                goto done;
-            case 'H':
-                r->http_protocol.data = p;
-                state = sw_http_H;
-                break;
-            default:
-                r->space_in_uri = 1;
-                state = sw_check_uri;
-                p--;
-                break;
-            }
-            break;
-
-
          /* URI */
          case sw_uri:
  
@@ -692,10 +643,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                  state = sw_http_H;
                  break;
              default:
-                r->space_in_uri = 1;
-                state = sw_uri;
-                p--;
-                break;
+                return NGX_HTTP_PARSE_INVALID_REQUEST;
              }
              break;
  
@@ -1171,9 +1119,7 @@ ngx_http_parse_uri(ngx_http_request_t *r)
  
              switch (ch) {
              case ' ':
-                r->space_in_uri = 1;
-                state = sw_check_uri;
-                break;
+                return NGX_ERROR;
              case '.':
                  r->complex_uri = 1;
                  state = sw_uri;
@@ -1232,8 +1178,7 @@ ngx_http_parse_uri(ngx_http_request_t *r)
                  r->uri_ext = p + 1;
                  break;
              case ' ':
-                r->space_in_uri = 1;
-                break;
+                return NGX_ERROR;
  #if (NGX_WIN32)
              case '\\':
                  r->complex_uri = 1;
@@ -1267,8 +1212,7 @@ ngx_http_parse_uri(ngx_http_request_t *r)
  
              switch (ch) {
              case ' ':
-                r->space_in_uri = 1;
-                break;
+                return NGX_ERROR;
              case '#':
                  r->complex_uri = 1;
                  break;
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c

index 2614b998c141a31288cba1c1b2f84dd71d60c363..7956610c4f876df552c1e107df3cf11686a7de7c 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1264,7 +1264,7 @@ ngx_http_process_request_uri(ngx_http_request_t *r)
      r->unparsed_uri.len = r->uri_end - r->uri_start;
      r->unparsed_uri.data = r->uri_start;
  
-    r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
+    r->valid_unparsed_uri = r->empty_path_in_uri ? 0 : 1;
  
      if (r->uri_ext) {
          if (r->args_start) {
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h

index fa4d5f99fe089e5c9a8b18c84c7f9daef99a0059..63576274e5daaefd99524aa70b76341caacad5b3 100644 (file)
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -468,9 +468,6 @@ struct ngx_http_request_s {
      /* URI with "+" */
      unsigned                          plus_in_uri:1;
  
-    /* URI with " " */
-    unsigned                          space_in_uri:1;
-
      /* URI with empty path */
      unsigned                          empty_path_in_uri:1;
author	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 28 Jun 2021 15:01:13 +0000 (18:01 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 28 Jun 2021 15:01:13 +0000 (18:01 +0300)
src/http/modules/ngx_http_proxy_module.c		patch \| blob \| history
src/http/ngx_http_parse.c		patch \| blob \| history
src/http/ngx_http_request.c		patch \| blob \| history
src/http/ngx_http_request.h		patch \| blob \| history