fix bug in http_referer_module that using incorrect input string length in the regex matching process when header Referer starts with https://

Liangbin Li lilb.edwin at gmail.com
Mon Aug 12 05:27:11 UTC 2013


--- ngx_http_referer_module.c
+++ ngx_http_referer_module.c
@@ -147,10 +147,12 @@

         if (ngx_strncasecmp(ref, (u_char *) "http://", 7) == 0) {
             ref += 7;
+            len -= 7;
             goto valid_scheme;

         } else if (ngx_strncasecmp(ref, (u_char *) "https://", 8) == 0) {
             ref += 8;
+            len -= 8;
             goto valid_scheme;
         }
     }
@@ -191,7 +193,7 @@
         ngx_int_t  rc;
         ngx_str_t  referer;

-        referer.len = len - 7;
+        referer.len = len;
         referer.data = ref;

         rc = ngx_regex_exec_array(rlcf->regex, &referer,
r->connection->log);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130812/40b92466/attachment.html>


More information about the nginx mailing list