Welcome! Log In Create A New Profile

Advanced

[nginx] Allowed '-' in method names.

Maxim Dounin
October 10, 2016 09:30AM
details: http://hg.nginx.org/nginx/rev/57148b755320
branches:
changeset: 6732:57148b755320
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Oct 10 16:24:50 2016 +0300
description:
Allowed '-' in method names.

It is used at least by SOAP (M-POST method, defined by RFC 2774) and
by WebDAV versioning (VERSION-CONTROL and BASELINE-CONTROL methods,
defined by RFC 3253).

diffstat:

src/http/ngx_http_parse.c | 4 ++--
src/http/v2/ngx_http_v2.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)

diffs (33 lines):

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -149,7 +149,7 @@ ngx_http_parse_request_line(ngx_http_req
break;
}

- if ((ch < 'A' || ch > 'Z') && ch != '_') {
+ if ((ch < 'A' || ch > 'Z') && ch != '_' && ch != '-') {
return NGX_HTTP_PARSE_INVALID_METHOD;
}

@@ -270,7 +270,7 @@ ngx_http_parse_request_line(ngx_http_req
break;
}

- if ((ch < 'A' || ch > 'Z') && ch != '_') {
+ if ((ch < 'A' || ch > 'Z') && ch != '_' && ch != '-') {
return NGX_HTTP_PARSE_INVALID_METHOD;
}

diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3178,7 +3178,7 @@ ngx_http_v2_parse_method(ngx_http_reques
p = r->method_name.data;

do {
- if ((*p < 'A' || *p > 'Z') && *p != '_') {
+ if ((*p < 'A' || *p > 'Z') && *p != '_' && *p != '-') {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent invalid method: \"%V\"",
&r->method_name);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] Allowed '-' in method names.

Maxim Dounin 519 October 10, 2016 09:30AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 158
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready