[nginx] svn commit: r4973 - in trunk/src/http: . modules modules/perl

ru at nginx.com ru at nginx.com
Mon Dec 17 19:03:33 UTC 2012


Author: ru
Date: 2012-12-17 19:03:33 +0000 (Mon, 17 Dec 2012)
New Revision: 4973
URL: http://trac.nginx.org/nginx/changeset/4973/nginx

Log:
Added checks that disallow adding a variable with an empty name.
Added variable name syntax checks to "geo" and "map" directives.


Modified:
   trunk/src/http/modules/ngx_http_geo_module.c
   trunk/src/http/modules/ngx_http_limit_conn_module.c
   trunk/src/http/modules/ngx_http_map_module.c
   trunk/src/http/modules/ngx_http_rewrite_module.c
   trunk/src/http/modules/ngx_http_split_clients_module.c
   trunk/src/http/modules/perl/ngx_http_perl_module.c
   trunk/src/http/ngx_http_variables.c

Modified: trunk/src/http/modules/ngx_http_geo_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_geo_module.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/modules/ngx_http_geo_module.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -325,7 +325,7 @@
 
     name = value[1];
 
-    if (name.len < 2 || name.data[0] != '$') {
+    if (name.data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &name);
         return NGX_CONF_ERROR;
@@ -342,6 +342,13 @@
         }
 
         name = value[2];
+
+        if (name.data[0] != '$') {
+            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                               "invalid variable name \"%V\"", &name);
+            return NGX_CONF_ERROR;
+        }
+
         name.len--;
         name.data++;
 

Modified: trunk/src/http/modules/ngx_http_limit_conn_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_limit_conn_module.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/modules/ngx_http_limit_conn_module.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -540,7 +540,7 @@
             continue;
         }
 
-        if (value[i].len > 1 && value[i].data[0] == '$') {
+        if (value[i].data[0] == '$') {
 
             value[i].len--;
             value[i].data++;
@@ -613,7 +613,7 @@
 
     value = cf->args->elts;
 
-    if (value[2].len < 2 || value[2].data[0] != '$') {
+    if (value[2].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[2]);
         return NGX_CONF_ERROR;

Modified: trunk/src/http/modules/ngx_http_map_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_map_module.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/modules/ngx_http_map_module.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -209,6 +209,13 @@
     }
 
     name = value[2];
+
+    if (name.data[0] != '$') {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"%V\"", &name);
+        return NGX_CONF_ERROR;
+    }
+
     name.len--;
     name.data++;
 

Modified: trunk/src/http/modules/ngx_http_rewrite_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_rewrite_module.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/modules/ngx_http_rewrite_module.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -908,7 +908,7 @@
 
     value = cf->args->elts;
 
-    if (value[1].len < 2 || value[1].data[0] != '$') {
+    if (value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;

Modified: trunk/src/http/modules/ngx_http_split_clients_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_split_clients_module.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/modules/ngx_http_split_clients_module.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -139,7 +139,7 @@
 
     name = value[2];
 
-    if (name.len < 2 || name.data[0] != '$') {
+    if (name.data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &name);
         return NGX_CONF_ERROR;

Modified: trunk/src/http/modules/perl/ngx_http_perl_module.c
===================================================================
--- trunk/src/http/modules/perl/ngx_http_perl_module.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/modules/perl/ngx_http_perl_module.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -968,7 +968,7 @@
 
     value = cf->args->elts;
 
-    if (value[1].len < 2 || value[1].data[0] != '$') {
+    if (value[1].data[0] != '$') {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid variable name \"%V\"", &value[1]);
         return NGX_CONF_ERROR;

Modified: trunk/src/http/ngx_http_variables.c
===================================================================
--- trunk/src/http/ngx_http_variables.c	2012-12-17 12:08:53 UTC (rev 4972)
+++ trunk/src/http/ngx_http_variables.c	2012-12-17 19:03:33 UTC (rev 4973)
@@ -330,6 +330,12 @@
     ngx_http_variable_t        *v;
     ngx_http_core_main_conf_t  *cmcf;
 
+    if (name->len == 0) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"$\"");
+        return NULL;
+    }
+
     cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
 
     key = cmcf->variables_keys->keys.elts;
@@ -393,6 +399,12 @@
     ngx_http_variable_t        *v;
     ngx_http_core_main_conf_t  *cmcf;
 
+    if (name->len == 0) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"$\"");
+        return NGX_ERROR;
+    }
+
     cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
 
     v = cmcf->variables.elts;



More information about the nginx-devel mailing list