details: https://hg.nginx.org/nginx/rev/4eb1383f6432
branches:
changeset: 8121:4eb1383f6432
user: Maxim Dounin <mdounin@mdounin.ru>
date: Thu Jan 26 03:34:44 2023 +0300
description:
Fixed handling of very long locations (ticket #2435).

Previously, location prefix length in ngx_http_location_tree_node_t was
stored as "u_char", and therefore location prefixes longer than 255 bytes
were handled incorrectly.

Fix is to use "u_short" instead. With "u_short", prefixes up to 65535 bytes
can be safely used, and this isn't reachable due to NGX_CONF_BUFFER, which
is 4096 bytes.

diffstat:

src/http/ngx_http.c | 2 +-
src/http/ngx_http_core_module.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diffs (25 lines):

diff -r c7e103acb409 -r 4eb1383f6432 src/http/ngx_http.c
--- a/src/http/ngx_http.c Tue Jan 24 03:01:51 2023 +0300
+++ b/src/http/ngx_http.c Thu Jan 26 03:34:44 2023 +0300
@@ -1130,7 +1130,7 @@ ngx_http_create_locations_tree(ngx_conf_
node->auto_redirect = (u_char) ((lq->exact && lq->exact->auto_redirect)
|| (lq->inclusive && lq->inclusive->auto_redirect));

- node->len = (u_char) len;
+ node->len = (u_short) len;
ngx_memcpy(node->name, &lq->name->data[prefix], len);

ngx_queue_split(locations, q, &tail);
diff -r c7e103acb409 -r 4eb1383f6432 src/http/ngx_http_core_module.h
--- a/src/http/ngx_http_core_module.h Tue Jan 24 03:01:51 2023 +0300
+++ b/src/http/ngx_http_core_module.h Thu Jan 26 03:34:44 2023 +0300
@@ -463,8 +463,8 @@ struct ngx_http_location_tree_node_s {
ngx_http_core_loc_conf_t *exact;
ngx_http_core_loc_conf_t *inclusive;

+ u_short len;
u_char auto_redirect;
- u_char len;
u_char name[1];
};

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel