[nginx] Detect more unsafe URIs in ngx_http_parse_unsafe_uri().

Ruslan Ermilov
December 23, 2013 09:14AM
details: http://hg.nginx.org/nginx/rev/b141a7627ac6
branches:
changeset: 5490:b141a7627ac6
user: Ruslan Ermilov <ru@nginx.com>
date: Mon Dec 23 18:11:56 2013 +0400
description:
Detect more unsafe URIs in ngx_http_parse_unsafe_uri().

The following URIs were considered safe: "..", "../foo", and "/foo/..".

diffstat:

src/http/ngx_http_parse.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)

diffs (28 lines):

diff -r 6d357b2a9d6e -r b141a7627ac6 src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Mon Dec 23 18:11:46 2013 +0400
+++ b/src/http/ngx_http_parse.c Mon Dec 23 18:11:56 2013 +0400
@@ -1790,7 +1790,9 @@ ngx_http_parse_unsafe_uri(ngx_http_reque
goto unsafe;
}

- if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) {
+ if (p[0] == '.' && len > 1 && p[1] == '.'
+ && (len == 2 || ngx_path_separator(p[2])))
+ {
goto unsafe;
}

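Review bot: the rewritten condition reads p[1] only after `len > 1` holds and reads p[2] only after `len == 2` has been ruled out, so the left-to-right order of the `&&` and `||` terms is load-bearing; a short comment above the check, mirroring the `/* detect "/../" and "/.." */` comment in the second hunk, would record that this branch now catches a leading ".." and "../" (the first two cases the commit message lists) and that the `len` tests exist to keep the p[1] and p[2] accesses in bounds, so a later reordering does not silently reintroduce an over-read.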
@@ -1816,9 +1818,11 @@ ngx_http_parse_unsafe_uri(ngx_http_reque

if (ngx_path_separator(ch) && len > 2) {

- /* detect "/../" */
+ /* detect "/../" and "/.." */

- if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) {
+ if (p[0] == '.' && p[1] == '.'
+ && (len == 3 || ngx_path_separator(p[2])))
+ {
goto unsafe;
}
}

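Review bot: the `len > 2` guard on the enclosing `if` is what makes p[0] and p[1] readable after the separator, and `len == 3` must be tested before `ngx_path_separator(p[2])` because with `len == 3` there is no p[2] to read; the condition is correct as written, but the guard and the index arithmetic sit several lines apart, so consider extending the `/* detect "/../" and "/.." */` comment to state that `len == 3` is the trailing "/.." case (the third URI in the commit message) and that p[2] is only examined when `len > 3`.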
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel