check unsafe Destination
diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c
index 38e928c..1502fbf 100644
--- a/src/http/modules/ngx_http_dav_module.c
+++ b/src/http/modules/ngx_http_dav_module.c
@@ -516,8 +516,8 @@
size_t len, root;
ngx_err_t err;
ngx_int_t rc, depth;
- ngx_uint_t overwrite, slash, dir;
- ngx_str_t path, uri;
+ ngx_uint_t overwrite, slash, dir, flags;
+ ngx_str_t path, uri, duri, args;
ngx_tree_ctx_t tree;
ngx_copy_file_t cf;
ngx_file_info_t fi;
@@ -594,6 +594,14 @@
destination_done:
+ duri.len = last - p;
+ duri.data = p;
+ flags = 0;
+
+ if (ngx_http_parse_unsafe_uri(r, &duri, &args, &flags) != NGX_OK) {
+ goto invalid_destination;
+ }
+
if ((r->uri.data[r->uri.len - 1] == '/' && *(last - 1) != '/')
|| (r->uri.data[r->uri.len - 1] != '/' && *(last - 1) == '/'))
{
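Review bot: `args` is passed to ngx_http_parse_unsafe_uri() uninitialised at `destination_done:`, whereas the SSI and upstream callers shown in this same commit set `args.len = 0; args.data = NULL;` first; add those two assignments before `flags = 0;` so no later code can read an indeterminate ngx_str_t. If the parser shortens `duri` when it splits off a query string (it takes `&args`, so presumably it can), the trailing-slash comparison just below still tests `*(last - 1)` rather than the last byte of the parsed path; comparing against `duri.data[duri.len - 1]` may be more accurate, to be confirmed against the parser. With `flags = 0` the parser no longer logs a rejected Destination, so the `invalid_destination` path (outside this hunk) has to be the place that records it. The enclosing function starts and ends outside the hunk.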
@@ -656,9 +664,7 @@
"http copy from: \"%s\"", path.data);
uri = r->uri;
-
- r->uri.len = last - p;
- r->uri.data = p;
+ r->uri = duri;
ngx_http_map_uri_to_path(r, ©.path, &root, 0);
diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 24b30a8..d03e584 100644
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -1908,7 +1908,7 @@
args.len = 0;
args.data = NULL;
- flags = 0;
+ flags = NGX_HTTP_LOG_UNSAFE;
if (ngx_http_parse_unsafe_uri(r, uri, &args, &flags) != NGX_OK) {
return NGX_HTTP_SSI_ERROR;
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index d2abaa7..b638f86 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1322,8 +1322,10 @@
unsafe:
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "unsafe URI \"%V\" was detected", uri);
+ if (*flags & NGX_HTTP_LOG_UNSAFE) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "unsafe URI \"%V\" was detected", uri);
+ }
return NGX_ERROR;
}
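Review bot: `*flags` is now read as an input at the `unsafe:` label, but nothing visible documents that it has become an in/out parameter. Any caller that still passes `flags = 0`, including out-of-tree modules, silently loses the "unsafe URI" error-log line, which may be the only record of a rejected traversal-style path. I would add a comment above the function such as `/* *flags is in/out: set NGX_HTTP_LOG_UNSAFE on entry to have rejected URIs logged */` and audit the remaining callers. The function body begins outside this hunk.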
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
index 3bd70c3..8f34815 100644
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -60,6 +60,7 @@
#define NGX_HTTP_ZERO_IN_URI 1
#define NGX_HTTP_SUBREQUEST_IN_MEMORY 2
#define NGX_HTTP_SUBREQUEST_WAITED 4
+#define NGX_HTTP_LOG_UNSAFE 8
#define NGX_HTTP_OK 200
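Review bot: `NGX_HTTP_LOG_UNSAFE` is numbered in the same group as the `NGX_HTTP_SUBREQUEST_*` bits, although it is an input option for ngx_http_parse_unsafe_uri() rather than a subrequest flag. If a caller forwards the same `flags` variable to a subrequest call after parsing (not visible here), bit 8 would travel with it. A comment beside the define, for example `/* input flag for ngx_http_parse_unsafe_uri() only */`, or masking the bit off before `flags` is reused, would keep the two meanings apart.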
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 380b3c2..c2b5acf 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -1797,7 +1797,7 @@
uri = &u->headers_in.x_accel_redirect->value;
args.len = 0;
args.data = NULL;
- flags = 0;
+ flags = NGX_HTTP_LOG_UNSAFE;
if (ngx_http_parse_unsafe_uri(r, uri, &args, &flags) != NGX_OK) {
ngx_http_finalize_request(r, NGX_HTTP_NOT_FOUND);