[PATCH] Add strict Host validation

Piotr Sikora
December 17, 2014 09:54PM
# HG changeset patch
# User Piotr Sikora <piotr@cloudflare.com>
# Date 1418870862 28800
# Wed Dec 17 18:47:42 2014 -0800
# Node ID ab0442e232ce098438943a77422d8a04cc5b6790
# Parent 99751fe3bc3b285801b434f7f707d87fa42b093e
Add strict Host validation.

According to RFC3986, Host is a sequence of printable ASCII characters,
with the exception of: space, ", #, /, <, >, ?, @, \, ^, `, {, | and }.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diff -r 99751fe3bc3b -r ab0442e232ce src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Fri Dec 12 20:25:42 2014 +0300
+++ b/src/http/ngx_http_request.c Wed Dec 17 18:47:42 2014 -0800
@@ -1955,12 +1955,25 @@ ngx_http_validate_host(ngx_str_t *host,
}
break;

- case '\0':
+ case ' ':
+ case '"':
+ case '#':
+ case '/':
+ case '<':
+ case '>':
+ case '?':
+ case '@':
+ case '\\':
+ case '^':
+ case '`':
+ case '{':
+ case '|':
+ case '}':
return NGX_DECLINED;

default:

- if (ngx_path_separator(ch)) {
+ if (ch < 0x20 || ch > 0x7e) {
return NGX_DECLINED;
}
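
Review bot: in the default: branch, the new test ch < 0x20 || ch > 0x7e declines every byte from 0x80 upward and all control characters, while the lines removed here declined only '\0' and path separators. As far as this hunk shows, a Host carrying raw non-ASCII bytes (for example an unencoded UTF-8 name) therefore changes from accepted to NGX_DECLINED. The commit message should state that behaviour change explicitly, since it affects existing clients. The removed case '\0': is also now covered only implicitly by the range test. A short comment above the new 14-label case list, naming the RFC 3986 rule and noting that NUL and the other control characters fall through to the range check, would make the list easier to audit against the commit message.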


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel