[nginx] Disabled spaces in URIs (ticket #196).
|
Maxim Dounin
June 28, 2021 02:38PM
|
details: https://hg.nginx.org/nginx/rev/52338ddf9e2f
branches:
changeset: 7881:52338ddf9e2f
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Jun 28 18:01:13 2021 +0300
description:
Disabled spaces in URIs (ticket #196).
>From now on, requests with spaces in URIs are immediately rejected rather
than allowed. Spaces were allowed in 31e9677b15a1 (0.8.41) to handle bad
clients. It is believed that now this behaviour causes more harm than
good.
diffstat:
src/http/modules/ngx_http_proxy_module.c | 4 +-
src/http/ngx_http_parse.c | 72 +++----------------------------
src/http/ngx_http_request.c | 2 +-
src/http/ngx_http_request.h | 3 -
4 files changed, 11 insertions(+), 70 deletions(-)
diffs (199 lines):
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:13 2021 +0300
@@ -1186,7 +1186,7 @@ ngx_http_proxy_create_key(ngx_http_reque
loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0;
- if (r->quoted_uri || r->space_in_uri || r->internal) {
+ if (r->quoted_uri || r->internal) {
escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
r->uri.len - loc_len, NGX_ESCAPE_URI);
} else {
@@ -1299,7 +1299,7 @@ ngx_http_proxy_create_request(ngx_http_r
loc_len = (r->valid_location && ctx->vars.uri.len) ?
plcf->location.len : 0;
- if (r->quoted_uri || r->space_in_uri || r->internal) {
+ if (r->quoted_uri || r->internal) {
escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
r->uri.len - loc_len, NGX_ESCAPE_URI);
}
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/ngx_http_parse.c Mon Jun 28 18:01:13 2021 +0300
@@ -116,10 +116,8 @@ ngx_http_parse_request_line(ngx_http_req
sw_host_end,
sw_host_ip_literal,
sw_port,
- sw_host_http_09,
sw_after_slash_in_uri,
sw_check_uri,
- sw_check_uri_http_09,
sw_uri,
sw_http_09,
sw_http_H,
@@ -398,7 +396,7 @@ ngx_http_parse_request_line(ngx_http_req
*/
r->uri_start = r->schema_end + 1;
r->uri_end = r->schema_end + 2;
- state = sw_host_http_09;
+ state = sw_http_09;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
@@ -472,35 +470,13 @@ ngx_http_parse_request_line(ngx_http_req
*/
r->uri_start = r->schema_end + 1;
r->uri_end = r->schema_end + 2;
- state = sw_host_http_09;
+ state = sw_http_09;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
- /* space+ after "http://host[:port] " */
- case sw_host_http_09:
- switch (ch) {
- case ' ':
- break;
- case CR:
- r->http_minor = 9;
- state = sw_almost_done;
- break;
- case LF:
- r->http_minor = 9;
- goto done;
- case 'H':
- r->http_protocol.data = p;
- state = sw_http_H;
- break;
- default:
- return NGX_HTTP_PARSE_INVALID_REQUEST;
- }
- break;
-
-
/* check "/.", "//", "%", and "\" (Win32) in URI */
case sw_after_slash_in_uri:
@@ -512,7 +488,7 @@ ngx_http_parse_request_line(ngx_http_req
switch (ch) {
case ' ':
r->uri_end = p;
- state = sw_check_uri_http_09;
+ state = sw_http_09;
break;
case CR:
r->uri_end = p;
@@ -584,7 +560,7 @@ ngx_http_parse_request_line(ngx_http_req
break;
case ' ':
r->uri_end = p;
- state = sw_check_uri_http_09;
+ state = sw_http_09;
break;
case CR:
r->uri_end = p;
@@ -621,31 +597,6 @@ ngx_http_parse_request_line(ngx_http_req
}
break;
- /* space+ after URI */
- case sw_check_uri_http_09:
- switch (ch) {
- case ' ':
- break;
- case CR:
- r->http_minor = 9;
- state = sw_almost_done;
- break;
- case LF:
- r->http_minor = 9;
- goto done;
- case 'H':
- r->http_protocol.data = p;
- state = sw_http_H;
- break;
- default:
- r->space_in_uri = 1;
- state = sw_check_uri;
- p--;
- break;
- }
- break;
-
-
/* URI */
case sw_uri:
@@ -692,10 +643,7 @@ ngx_http_parse_request_line(ngx_http_req
state = sw_http_H;
break;
default:
- r->space_in_uri = 1;
- state = sw_uri;
- p--;
- break;
+ return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
@@ -1171,9 +1119,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
switch (ch) {
case ' ':
- r->space_in_uri = 1;
- state = sw_check_uri;
- break;
+ return NGX_ERROR;
case '.':
r->complex_uri = 1;
state = sw_uri;
@@ -1232,8 +1178,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
r->uri_ext = p + 1;
break;
case ' ':
- r->space_in_uri = 1;
- break;
+ return NGX_ERROR;
#if (NGX_WIN32)
case '\\':
r->complex_uri = 1;
@@ -1267,8 +1212,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
switch (ch) {
case ' ':
- r->space_in_uri = 1;
- break;
+ return NGX_ERROR;
case '#':
r->complex_uri = 1;
break;
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:13 2021 +0300
@@ -1264,7 +1264,7 @@ ngx_http_process_request_uri(ngx_http_re
r->unparsed_uri.len = r->uri_end - r->uri_start;
r->unparsed_uri.data = r->uri_start;
- r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
+ r->valid_unparsed_uri = r->empty_path_in_uri ? 0 : 1;
if (r->uri_ext) {
if (r->args_start) {
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/ngx_http_request.h Mon Jun 28 18:01:13 2021 +0300
@@ -468,9 +468,6 @@ struct ngx_http_request_s {
/* URI with "+" */
unsigned plus_in_uri:1;
- /* URI with " " */
- unsigned space_in_uri:1;
-
/* URI with empty path */
unsigned empty_path_in_uri:1;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
branches:
changeset: 7881:52338ddf9e2f
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Jun 28 18:01:13 2021 +0300
description:
Disabled spaces in URIs (ticket #196).
>From now on, requests with spaces in URIs are immediately rejected rather
than allowed. Spaces were allowed in 31e9677b15a1 (0.8.41) to handle bad
clients. It is believed that now this behaviour causes more harm than
good.
diffstat:
src/http/modules/ngx_http_proxy_module.c | 4 +-
src/http/ngx_http_parse.c | 72 +++----------------------------
src/http/ngx_http_request.c | 2 +-
src/http/ngx_http_request.h | 3 -
4 files changed, 11 insertions(+), 70 deletions(-)
diffs (199 lines):
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c Mon Jun 28 18:01:13 2021 +0300
@@ -1186,7 +1186,7 @@ ngx_http_proxy_create_key(ngx_http_reque
loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0;
- if (r->quoted_uri || r->space_in_uri || r->internal) {
+ if (r->quoted_uri || r->internal) {
escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
r->uri.len - loc_len, NGX_ESCAPE_URI);
} else {
@@ -1299,7 +1299,7 @@ ngx_http_proxy_create_request(ngx_http_r
loc_len = (r->valid_location && ctx->vars.uri.len) ?
plcf->location.len : 0;
- if (r->quoted_uri || r->space_in_uri || r->internal) {
+ if (r->quoted_uri || r->internal) {
escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len,
r->uri.len - loc_len, NGX_ESCAPE_URI);
}
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/ngx_http_parse.c Mon Jun 28 18:01:13 2021 +0300
@@ -116,10 +116,8 @@ ngx_http_parse_request_line(ngx_http_req
sw_host_end,
sw_host_ip_literal,
sw_port,
- sw_host_http_09,
sw_after_slash_in_uri,
sw_check_uri,
- sw_check_uri_http_09,
sw_uri,
sw_http_09,
sw_http_H,
@@ -398,7 +396,7 @@ ngx_http_parse_request_line(ngx_http_req
*/
r->uri_start = r->schema_end + 1;
r->uri_end = r->schema_end + 2;
- state = sw_host_http_09;
+ state = sw_http_09;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
@@ -472,35 +470,13 @@ ngx_http_parse_request_line(ngx_http_req
*/
r->uri_start = r->schema_end + 1;
r->uri_end = r->schema_end + 2;
- state = sw_host_http_09;
+ state = sw_http_09;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
- /* space+ after "http://host[:port] " */
- case sw_host_http_09:
- switch (ch) {
- case ' ':
- break;
- case CR:
- r->http_minor = 9;
- state = sw_almost_done;
- break;
- case LF:
- r->http_minor = 9;
- goto done;
- case 'H':
- r->http_protocol.data = p;
- state = sw_http_H;
- break;
- default:
- return NGX_HTTP_PARSE_INVALID_REQUEST;
- }
- break;
-
-
/* check "/.", "//", "%", and "\" (Win32) in URI */
case sw_after_slash_in_uri:
@@ -512,7 +488,7 @@ ngx_http_parse_request_line(ngx_http_req
switch (ch) {
case ' ':
r->uri_end = p;
- state = sw_check_uri_http_09;
+ state = sw_http_09;
break;
case CR:
r->uri_end = p;
@@ -584,7 +560,7 @@ ngx_http_parse_request_line(ngx_http_req
break;
case ' ':
r->uri_end = p;
- state = sw_check_uri_http_09;
+ state = sw_http_09;
break;
case CR:
r->uri_end = p;
@@ -621,31 +597,6 @@ ngx_http_parse_request_line(ngx_http_req
}
break;
- /* space+ after URI */
- case sw_check_uri_http_09:
- switch (ch) {
- case ' ':
- break;
- case CR:
- r->http_minor = 9;
- state = sw_almost_done;
- break;
- case LF:
- r->http_minor = 9;
- goto done;
- case 'H':
- r->http_protocol.data = p;
- state = sw_http_H;
- break;
- default:
- r->space_in_uri = 1;
- state = sw_check_uri;
- p--;
- break;
- }
- break;
-
-
/* URI */
case sw_uri:
@@ -692,10 +643,7 @@ ngx_http_parse_request_line(ngx_http_req
state = sw_http_H;
break;
default:
- r->space_in_uri = 1;
- state = sw_uri;
- p--;
- break;
+ return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
@@ -1171,9 +1119,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
switch (ch) {
case ' ':
- r->space_in_uri = 1;
- state = sw_check_uri;
- break;
+ return NGX_ERROR;
case '.':
r->complex_uri = 1;
state = sw_uri;
@@ -1232,8 +1178,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
r->uri_ext = p + 1;
break;
case ' ':
- r->space_in_uri = 1;
- break;
+ return NGX_ERROR;
#if (NGX_WIN32)
case '\\':
r->complex_uri = 1;
@@ -1267,8 +1212,7 @@ ngx_http_parse_uri(ngx_http_request_t *r
switch (ch) {
case ' ':
- r->space_in_uri = 1;
- break;
+ return NGX_ERROR;
case '#':
r->complex_uri = 1;
break;
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:13 2021 +0300
@@ -1264,7 +1264,7 @@ ngx_http_process_request_uri(ngx_http_re
r->unparsed_uri.len = r->uri_end - r->uri_start;
r->unparsed_uri.data = r->uri_start;
- r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
+ r->valid_unparsed_uri = r->empty_path_in_uri ? 0 : 1;
if (r->uri_ext) {
if (r->args_start) {
diff -r dfd8dfb436e5 -r 52338ddf9e2f src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h Mon Jun 28 18:01:11 2021 +0300
+++ b/src/http/ngx_http_request.h Mon Jun 28 18:01:13 2021 +0300
@@ -468,9 +468,6 @@ struct ngx_http_request_s {
/* URI with "+" */
unsigned plus_in_uri:1;
- /* URI with " " */
- unsigned space_in_uri:1;
-
/* URI with empty path */
unsigned empty_path_in_uri:1;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
| Subject | Author | Views | Posted |
|---|---|---|---|
|
Maxim Dounin | 310 | June 28, 2021 02:38PM |
Sorry, you do not have permission to post/reply in this forum.
Online Users
Guests:
119
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|