[nginx] Fixed parsing of absolute URIs with empty path (ticket #2079).

Maxim Dounin mdounin at mdounin.ru
Thu Dec 10 17:13:18 UTC 2020


details:   https://hg.nginx.org/nginx/rev/8989fbd2f89a
branches:  
changeset: 7752:8989fbd2f89a
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Thu Dec 10 20:09:30 2020 +0300
description:
Fixed parsing of absolute URIs with empty path (ticket #2079).

When the request line contains request-target in the absolute-URI form,
it can contain path-empty instead of a single slash (see RFC 7230, RFC 3986).
Previously, the ngx_http_parse_request_line() function only accepted empty
path when there was no query string.

With this change, non-empty query is also correctly handled.  That is,
request line "GET http://example.com?foo HTTP/1.1" is accepted and results
in $uri "/" and $args "foo".

Note that $request_uri remains "?foo", similarly to how spaces in URIs
are handled.  Providing "/?foo", similarly to how "/" is provided for
"GET http://example.com HTTP/1.1", requires allocation.

diffstat:

 src/http/ngx_http_parse.c   |  17 +++++++++++++++++
 src/http/ngx_http_request.c |   8 ++++++--
 src/http/ngx_http_request.h |   3 +++
 3 files changed, 26 insertions(+), 2 deletions(-)

diffs (79 lines):

diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c	Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_parse.c	Thu Dec 10 20:09:30 2020 +0300
@@ -380,6 +380,12 @@ ngx_http_parse_request_line(ngx_http_req
                 r->uri_start = p;
                 state = sw_after_slash_in_uri;
                 break;
+            case '?':
+                r->uri_start = p;
+                r->args_start = p + 1;
+                r->empty_path_in_uri = 1;
+                state = sw_uri;
+                break;
             case ' ':
                 /*
                  * use single "/" from request line to preserve pointers,
@@ -446,6 +452,13 @@ ngx_http_parse_request_line(ngx_http_req
                 r->uri_start = p;
                 state = sw_after_slash_in_uri;
                 break;
+            case '?':
+                r->port_end = p;
+                r->uri_start = p;
+                r->args_start = p + 1;
+                r->empty_path_in_uri = 1;
+                state = sw_uri;
+                break;
             case ' ':
                 r->port_end = p;
                 /*
@@ -1287,6 +1300,10 @@ ngx_http_parse_complex_uri(ngx_http_requ
     r->uri_ext = NULL;
     r->args_start = NULL;
 
+    if (r->empty_path_in_uri) {
+        *u++ = '/';
+    }
+
     ch = *p++;
 
     while (p <= r->uri_end) {
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c	Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_request.c	Thu Dec 10 20:09:30 2020 +0300
@@ -1224,7 +1224,11 @@ ngx_http_process_request_uri(ngx_http_re
         r->uri.len = r->uri_end - r->uri_start;
     }
 
-    if (r->complex_uri || r->quoted_uri) {
+    if (r->complex_uri || r->quoted_uri || r->empty_path_in_uri) {
+
+        if (r->empty_path_in_uri) {
+            r->uri.len++;
+        }
 
         r->uri.data = ngx_pnalloc(r->pool, r->uri.len + 1);
         if (r->uri.data == NULL) {
@@ -1250,7 +1254,7 @@ ngx_http_process_request_uri(ngx_http_re
     r->unparsed_uri.len = r->uri_end - r->uri_start;
     r->unparsed_uri.data = r->uri_start;
 
-    r->valid_unparsed_uri = r->space_in_uri ? 0 : 1;
+    r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
 
     if (r->uri_ext) {
         if (r->args_start) {
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h	Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_request.h	Thu Dec 10 20:09:30 2020 +0300
@@ -470,6 +470,9 @@ struct ngx_http_request_s {
     /* URI with " " */
     unsigned                          space_in_uri:1;
 
+    /* URI with empty path */
+    unsigned                          empty_path_in_uri:1;
+
     unsigned                          invalid_header:1;
 
     unsigned                          add_uri_to_alias:1;


More information about the nginx-devel mailing list