From 3cc9b52615a57d73b1f4f13305bf0cf40813850d Mon Sep 17 00:00:00 2001 From: Ruslan Ermilov Date: Tue, 8 Oct 2019 21:56:14 +0300 Subject: [PATCH] The "/." and "/.." at the end of URI should be normalized. --- src/http/ngx_http_parse.c | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index b8a27e084..ed5cf7506 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1437,9 +1437,11 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) state = sw_quoted; break; case '?': + u--; r->args_start = p; goto args; case '#': + u--; goto done; case '+': r->plus_in_uri = 1; @@ -1467,7 +1469,8 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) case '\\': #endif case '/': - state = sw_slash; + case '?': + case '#': u -= 5; for ( ;; ) { if (u < r->uri.data) { @@ -1479,16 +1482,19 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) } u--; } + if (ch == '?') { + r->args_start = p; + goto args; + } + if (ch == '#') { + goto done; + } + state = sw_slash; break; case '%': quoted_state = state; state = sw_quoted; break; - case '?': - r->args_start = p; - goto args; - case '#': - goto done; case '+': r->plus_in_uri = 1; /* fall through */ @@ -1565,6 +1571,26 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) return NGX_HTTP_PARSE_INVALID_REQUEST; } + if (state == sw_dot) { + u--; + + } else if (state == sw_dot_dot) { + u -= 5; + + for ( ;; ) { + if (u < r->uri.data) { + return NGX_HTTP_PARSE_INVALID_REQUEST; + } + + if (*u == '/') { + u++; + break; + } + + u--; + } + } + done: r->uri.len = u - r->uri.data;