[nginx] svn commit: r4964 - in trunk/src/http/modules: . perl
ru at nginx.com
ru at nginx.com
Thu Dec 13 15:05:19 UTC 2012
Author: ru
Date: 2012-12-13 15:05:19 +0000 (Thu, 13 Dec 2012)
New Revision: 4964
URL: http://trac.nginx.org/nginx/changeset/4964/nginx
Log:
Fixed variable syntax checking in "set", "geo", "limit_conn_zone",
and "perl_set" directives.
Modified:
trunk/src/http/modules/ngx_http_geo_module.c
trunk/src/http/modules/ngx_http_limit_conn_module.c
trunk/src/http/modules/ngx_http_rewrite_module.c
trunk/src/http/modules/perl/ngx_http_perl_module.c
Modified: trunk/src/http/modules/ngx_http_geo_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_geo_module.c 2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/ngx_http_geo_module.c 2012-12-13 15:05:19 UTC (rev 4964)
@@ -322,6 +322,13 @@
}
name = value[1];
+
+ if (name.len < 2 || name.data[0] != '$') {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid variable name \"%V\"", &name);
+ return NGX_CONF_ERROR;
+ }
+
name.len--;
name.data++;
Modified: trunk/src/http/modules/ngx_http_limit_conn_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_limit_conn_module.c 2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/ngx_http_limit_conn_module.c 2012-12-13 15:05:19 UTC (rev 4964)
@@ -540,7 +540,7 @@
continue;
}
- if (value[i].data[0] == '$') {
+ if (value[i].len > 1 && value[i].data[0] == '$') {
value[i].len--;
value[i].data++;
@@ -613,7 +613,7 @@
value = cf->args->elts;
- if (value[2].data[0] != '$') {
+ if (value[2].len < 2 || value[2].data[0] != '$') {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid variable name \"%V\"", &value[2]);
return NGX_CONF_ERROR;
Modified: trunk/src/http/modules/ngx_http_rewrite_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_rewrite_module.c 2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/ngx_http_rewrite_module.c 2012-12-13 15:05:19 UTC (rev 4964)
@@ -908,7 +908,7 @@
value = cf->args->elts;
- if (value[1].data[0] != '$') {
+ if (value[1].len < 2 || value[1].data[0] != '$') {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid variable name \"%V\"", &value[1]);
return NGX_CONF_ERROR;
Modified: trunk/src/http/modules/perl/ngx_http_perl_module.c
===================================================================
--- trunk/src/http/modules/perl/ngx_http_perl_module.c 2012-12-13 13:45:39 UTC (rev 4963)
+++ trunk/src/http/modules/perl/ngx_http_perl_module.c 2012-12-13 15:05:19 UTC (rev 4964)
@@ -968,7 +968,7 @@
value = cf->args->elts;
- if (value[1].data[0] != '$') {
+ if (value[1].len < 2 || value[1].data[0] != '$') {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid variable name \"%V\"", &value[1]);
return NGX_CONF_ERROR;
More information about the nginx-devel
mailing list