Fijxu/nginx-quic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

The "/." and "/.." at the end of URI should be normalized.

Browse source
This commit is contained in:
Ruslan Ermilov 2019-10-08 21:56:14 +03:00
parent 164f949bfd
commit 3cc9b52615
1 changed files with 32 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
src/http/ngx_http_parse.c
View file

@ -1437,9 +1437,11 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
state = sw_quoted;
break;
case '?':
u--;
r->args_start = p;
goto args;
case '#':
u--;
goto done;
case '+':
r->plus_in_uri = 1;
@ -1467,7 +1469,8 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
case '\\':
#endif
case '/':
state = sw_slash;
case '?':
case '#':
u -= 5;
for ( ;; ) {
if (u < r->uri.data) {
@ -1479,16 +1482,19 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
}
u--;
}
if (ch == '?') {
r->args_start = p;
goto args;
}
if (ch == '#') {
goto done;
}
state = sw_slash;
break;
case '%':
quoted_state = state;
state = sw_quoted;
break;
case '?':
r->args_start = p;
goto args;
case '#':
goto done;
case '+':
r->plus_in_uri = 1;
/* fall through */
@ -1565,6 +1571,26 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
if (state == sw_dot) {
u--;
} else if (state == sw_dot_dot) {
u -= 5;
for ( ;; ) {
if (u < r->uri.data) {
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
if (*u == '/') {
u++;
break;
}
u--;
}
}
done:
r->uri.len = u - r->uri.data;