technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

HTTP parser: normalization of paths ending with "." or "..".

Browse Source 
Earlier, the paths were normalized only if there was a "/" at the end, which
is wrong according to section 5.2.4 of RFC 3986 and hypothetically may allow
to the directory above the document root.
This commit is contained in:
Valentin Bartenev
2019-09-30 19:11:17 +03:00
parent 2791c00cf2
commit 2dbda125db
1 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/nxt_http_parse.c
View File

@@ -970,9 +970,11 @@ nxt_http_parse_complex_target(nxt_http_request_parse_t *rp)
state = sw_quoted;
continue;
case '?':
u--;
args = p;
goto args;
case '#':
u--;
goto done;
default:
state = sw_normal;
@@ -991,30 +993,42 @@ nxt_http_parse_complex_target(nxt_http_request_parse_t *rp)
}
switch (ch) {
case '/':
state = sw_slash;
case '?':
case '#':
u -= 5;
for ( ;; ) {
if (u < rp->path.start) {
return NXT_HTTP_PARSE_INVALID;
}
if (*u == '/') {
u++;
break;
}
u--;
}
if (ch == '?') {
args = p;
goto args;
}
if (ch == '#') {
goto done;
}
state = sw_slash;
break;
case '%':
saved_state = state;
state = sw_quoted;
continue;
case '?':
args = p;
goto args;
case '#':
goto done;
default:
state = sw_normal;
*u++ = ch;
@@ -1097,8 +1111,14 @@ nxt_http_parse_complex_target(nxt_http_request_parse_t *rp)
}
}
if (state >= sw_quoted) {
return NXT_HTTP_PARSE_INVALID;
if (state >= sw_dot) {
if (state >= sw_quoted) {
return NXT_HTTP_PARSE_INVALID;
}
/* "/." and "/.." must be normalized similar to "/./" and "/../". */
ch = '/';
goto again;
}
args: