
[nginx] svn commit: r4676 - trunk/src/http

Anonymous User
June 05, 2012 09:40AM
Author: mdounin
Date: 2012-06-05 13:38:27 +0000 (Tue, 05 Jun 2012)
New Revision: 4676
URL: http://trac.nginx.org/nginx/changeset/4676/nginx

Log:
Win32: uris with ":$" are now rejected.

There are too many problems with special NTFS streams, notably "::$data",
"::$index_allocation" and ":$i30:$index_allocation".

For now we don't reject all URIs with ":" like Apache does as there are no
good reasons seen yet, and there are multiple programs using it in URLs
(e.g. MediaWiki).


Modified:
trunk/src/http/ngx_http_request.c

Modified: trunk/src/http/ngx_http_request.c
===================================================================
--- trunk/src/http/ngx_http_request.c 2012-06-05 13:37:29 UTC (rev 4675)
+++ trunk/src/http/ngx_http_request.c 2012-06-05 13:38:27 UTC (rev 4676)
@@ -812,8 +812,29 @@

#if (NGX_WIN32)
{
- u_char *p;
+ u_char *p, *last;

+ p = r->uri.data;
+ last = r->uri.data + r->uri.len;
+
+ while (p < last) {
+
+ if (*p++ == ':') {
+
+ /*
+ * this check covers "::$data", "::$index_allocation" and
+ * ":$i30:$index_allocation"
+ */
+
+ if (p < last && *p == '$') {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent unsafe win32 URI");
+ ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ return;
+ }
+ }
+ }
+
p = r->uri.data + r->uri.len - 1;

while (p > r->uri.data) {
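Review bot: the comment above the `*p == '$'` test lists three stream names, but the condition rejects every URI that has ":" immediately followed by "$" at any position, not only those three. The log message says as much ("uris with ":$" are now rejected"), so the comment should say it too, for example "reject any ':$'; this covers ...", so that a later reader does not narrow the test back to the listed names. It would also help to note in the same comment whether r->uri is already unescaped at this point, since the scan compares raw bytes against ':' and '$' and the hunk does not show where decoding happens.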
@@ -828,11 +849,6 @@
continue;
}

- if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) {
- p -= 7;
- continue;
- }
-
break;
}
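Review bot: dropping the "::$data" branch from the trailing-character loop is only safe because the new forward scan added in the previous hunk has already returned NGX_HTTP_BAD_REQUEST for any ":$", and nothing in this loop says so. A one-line comment before `break;` stating that stream suffixes are rejected earlier would keep the two pieces tied together if either is changed later. The removed `ngx_strncasecmp(p - 6, ...)` was guarded only by `p > r->uri.data`, so for URIs shorter than seven bytes it could read before the start of the buffer; that is worth a mention in the log message, since the removal fixes it as a side effect.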


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel