nginx-0.3.9-RELEASE import
*) Bugfix: nginx considered URI as unsafe if two any symbols was
between two slashes; the bug had appeared in 0.3.8.
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
index dfac2a0..4402afc 100644
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -9,6 +9,23 @@
<title lang="en">nginx changelog</title>
+<changes ver="0.3.9" date="10.11.2005">
+
+<change type="bugfix">
+<para lang="ru">
+nginx ÓÞÉÔÁÌ ÎÅÂÅÚÏÐÁÓÎÙÍÉ URI, × ËÏÔÏÒÙÈ ÍÅÖÄÕ Ä×ÕÍÑ ÓÌÜÛÁÍÉ
+ÎÁÈÏÄÉÌÏÓØ Ä×Á ÌÀÂÙÈ ÓÉÍ×ÏÌÁ;
+ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 0.3.8.
+</para>
+<para lang="en">
+nginx considered URI as unsafe if two any symbols was between two slashes;
+bug appeared in 0.3.8.
+</para>
+</change>
+
+</changes>
+
+
<changes ver="0.3.8" date="09.11.2005">
<change type="security">
@@ -119,7 +136,7 @@
<change type="bugfix">
<para lang="ru">
-ÒÁÂÏÞÉÅ ÐÒÏÃÅÓÓÙ ÎÅ ÓÂÒÁÓÙ×ÁÌ ÂÕÆÅÒÉÚÉÒÏ×ÁÎÎÙÅ ÌÏÇÉ ÐÒÉ ÐÌÁ×ÎÏÍ ×ÙÈÏÄÅ.
+ÒÁÂÏÞÉÅ ÐÒÏÃÅÓÓÙ ÎÅ ÓÂÒÁÓÙ×ÁÌÉ ÂÕÆÅÒÉÚÉÒÏ×ÁÎÎÙÅ ÌÏÇÉ ÐÒÉ ÐÌÁ×ÎÏÍ ×ÙÈÏÄÅ.
</para>
<para lang="en">
the worker processes did not flush the buffered logs on graceful exit.
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 966d405..c498e07 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -8,7 +8,7 @@
#define _NGINX_H_INCLUDED_
-#define NGINX_VER "nginx/0.3.8"
+#define NGINX_VER "nginx/0.3.9"
#define NGINX_VAR "NGINX"
#define NGX_OLDPID_EXT ".oldbin"
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 0001286..b2e2f9e 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1056,7 +1056,7 @@
/* detect "/../" */
- if (p[2] == '/') {
+ if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
goto unsafe;
}
@@ -1070,7 +1070,9 @@
/* detect "/.../" */
- if (p[3] == '/' || p[3] == '\\') {
+ if (p[0] == '.' && p[1] == '.' && p[2] == '.'
+ && (p[3] == '/' || p[3] == '\\'))
+ {
goto unsafe;
}
}