Welcome! Log In Create A New Profile

[nginx] Fixed parsing of absolute URIs with empty path (ticket #2079).

Forum List Message List New Topic Print View

Maxim Dounin

December 10, 2020 12:14PM

details: https://hg.nginx.org/nginx/rev/8989fbd2f89a
branches:
changeset: 7752:8989fbd2f89a
user: Maxim Dounin <mdounin@mdounin.ru>
date: Thu Dec 10 20:09:30 2020 +0300
description:
Fixed parsing of absolute URIs with empty path (ticket #2079).

When the request line contains request-target in the absolute-URI form,
it can contain path-empty instead of a single slash (see RFC 7230, RFC 3986).
Previously, the ngx_http_parse_request_line() function only accepted empty
path when there was no query string.

With this change, non-empty query is also correctly handled. That is,
request line "GET http://example.com?foo HTTP/1.1" is accepted and results
in $uri "/" and $args "foo".

Note that $request_uri remains "?foo", similarly to how spaces in URIs
are handled. Providing "/?foo", similarly to how "/" is provided for
"GET http://example.com HTTP/1.1", requires allocation.

diffstat:

src/http/ngx_http_parse.c | 17 +++++++++++++++++
src/http/ngx_http_request.c | 8 ++++++--
src/http/ngx_http_request.h | 3 +++
3 files changed, 26 insertions(+), 2 deletions(-)

diffs (79 lines):

diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_parse.c Thu Dec 10 20:09:30 2020 +0300
@@ -380,6 +380,12 @@ ngx_http_parse_request_line(ngx_http_req
r->uri_start = p;
state = sw_after_slash_in_uri;
break;
+ case '?':
+ r->uri_start = p;
+ r->args_start = p + 1;
+ r->empty_path_in_uri = 1;
+ state = sw_uri;
+ break;
case ' ':
/*
* use single "/" from request line to preserve pointers,
@@ -446,6 +452,13 @@ ngx_http_parse_request_line(ngx_http_req
r->uri_start = p;
state = sw_after_slash_in_uri;
break;
+ case '?':
+ r->port_end = p;
+ r->uri_start = p;
+ r->args_start = p + 1;
+ r->empty_path_in_uri = 1;
+ state = sw_uri;
+ break;
case ' ':
r->port_end = p;
/*
@@ -1287,6 +1300,10 @@ ngx_http_parse_complex_uri(ngx_http_requ
r->uri_ext = NULL;
r->args_start = NULL;

+ if (r->empty_path_in_uri) {
+ *u++ = '/';
+ }
+
ch = *p++;

while (p <= r->uri_end) {
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_request.c Thu Dec 10 20:09:30 2020 +0300
@@ -1224,7 +1224,11 @@ ngx_http_process_request_uri(ngx_http_re
r->uri.len = r->uri_end - r->uri_start;
}

- if (r->complex_uri || r->quoted_uri) {
+ if (r->complex_uri || r->quoted_uri || r->empty_path_in_uri) {
+
+ if (r->empty_path_in_uri) {
+ r->uri.len++;
+ }

r->uri.data = ngx_pnalloc(r->pool, r->uri.len + 1);
if (r->uri.data == NULL) {
@@ -1250,7 +1254,7 @@ ngx_http_process_request_uri(ngx_http_re
r->unparsed_uri.len = r->uri_end - r->uri_start;
r->unparsed_uri.data = r->uri_start;

- r->valid_unparsed_uri = r->space_in_uri ? 0 : 1;
+ r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;

if (r->uri_ext) {
if (r->args_start) {
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_request.h Thu Dec 10 20:09:30 2020 +0300
@@ -470,6 +470,9 @@ struct ngx_http_request_s {
/* URI with " " */
unsigned space_in_uri:1;

+ /* URI with empty path */
+ unsigned empty_path_in_uri:1;
+
unsigned invalid_header:1;

unsigned add_uri_to_alias:1;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] Fixed parsing of absolute URIs with empty path (ticket #2079).	Maxim Dounin	568	December 10, 2020 12:14PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 280

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018