[nginx] svn commit: r4964 - in trunk/src/http/modules: . perl

ru at nginx.com ru at nginx.com
Thu Dec 13 15:05:19 UTC 2012 

Author: ru
Date: 2012-12-13 15:05:19 +0000 (Thu, 13 Dec 2012)
New Revision: 4964
URL: http://trac.nginx.org/nginx/changeset/4964/nginx

Log:
Fixed variable syntax checking in "set", "geo", "limit_conn_zone",
and "perl_set" directives.


Modified:
   trunk/src/http/modules/ngx_http_geo_module.c
   trunk/src/http/modules/ngx_http_limit_conn_module.c
   trunk/src/http/modules/ngx_http_rewrite_module.c
   trunk/src/http/modules/perl/ngx_http_perl_module.c

Modified: trunk/src/http/modules/ngx_http_geo_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_geo_module.c	2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/ngx_http_geo_module.c	2012-12-13 15:05:19 UTC (rev 4964)
@@ -322,6 +322,13 @@
     }
 
     name = value[1];
+
+    if (name.len < 2 || name.data[0] != '$') {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"%V\"", &name);
+        return NGX_CONF_ERROR;
+    }
+
     name.len--;
     name.data++;
 

Modified: trunk/src/http/modules/ngx_http_limit_conn_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_limit_conn_module.c	2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/ngx_http_limit_conn_module.c	2012-12-13 15:05:19 UTC (rev 4964)
@@ -540,7 +540,7 @@
             continue;
         }
 
-        if (value[i].data[0] == '$') {
+        if (value[i].len > 1 && value[i].data[0] == '$') {
 
             value[i].len--;
             value[i].data++;
@@ -613,7 +613,7 @@
 
     value = cf->args->elts;
 
-    if (value[2].data[0] != '$') {
+    if (value[2].len < 2 || value[2].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[2]);
         return NGX_CONF_ERROR;

Modified: trunk/src/http/modules/ngx_http_rewrite_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_rewrite_module.c	2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/ngx_http_rewrite_module.c	2012-12-13 15:05:19 UTC (rev 4964)
@@ -908,7 +908,7 @@
 
     value = cf->args->elts;
 
-    if (value[1].data[0] != '$') {
+    if (value[1].len < 2 || value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;

Modified: trunk/src/http/modules/perl/ngx_http_perl_module.c
===================================================================
--- trunk/src/http/modules/perl/ngx_http_perl_module.c	2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/perl/ngx_http_perl_module.c	2012-12-13 15:05:19 UTC (rev 4964)
@@ -968,7 +968,7 @@
 
     value = cf->args->elts;
 
-    if (value[1].data[0] != '$') {
+    if (value[1].len < 2 || value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;

More information about the nginx-devel mailing list