[nginx] svn commit: r4711 - in branches/stable-1.2: . src/http src/http/modules

mdounin at mdounin.ru mdounin at mdounin.ru
Fri Jun 29 17:28:41 UTC 2012 

Author: mdounin
Date: 2012-06-29 17:28:41 +0000 (Fri, 29 Jun 2012)
New Revision: 4711
URL: http://trac.nginx.org/nginx/changeset/4711/nginx

Log:
Merge of r4636, r4637, r4638: config sanity checks.

*) Added syntax checking of the second parameter of the "split_clients"
   directive.

*) Capped the status code that may be returned with "return" and
   "try_files".

*) Zero padded the returned and logged HTTP status code, and fixed possible
   buffer overrun in $status handling.


Modified:
   branches/stable-1.2/
   branches/stable-1.2/src/http/modules/ngx_http_log_module.c
   branches/stable-1.2/src/http/modules/ngx_http_rewrite_module.c
   branches/stable-1.2/src/http/modules/ngx_http_split_clients_module.c
   branches/stable-1.2/src/http/ngx_http_core_module.c
   branches/stable-1.2/src/http/ngx_http_header_filter_module.c

Index: branches/stable-1.2
===================================================================
--- branches/stable-1.2	2012-06-29 11:03:01 UTC (rev 4710)
+++ branches/stable-1.2	2012-06-29 17:28:41 UTC (rev 4711)

Property changes on: branches/stable-1.2
___________________________________________________________________
Modified: svn:mergeinfo
## -1 +1 ##
-/trunk:4611-4632,4641,4645,4674-4676
+/trunk:4611-4632,4636-4638,4641,4645,4674-4676
\ No newline at end of property
Modified: branches/stable-1.2/src/http/modules/ngx_http_log_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_log_module.c	2012-06-29 11:03:01 UTC (rev 4710)
+++ branches/stable-1.2/src/http/modules/ngx_http_log_module.c	2012-06-29 17:28:41 UTC (rev 4711)
@@ -205,7 +205,7 @@
     { ngx_string("msec"), NGX_TIME_T_LEN + 4, ngx_http_log_msec },
     { ngx_string("request_time"), NGX_TIME_T_LEN + 4,
                           ngx_http_log_request_time },
-    { ngx_string("status"), 3, ngx_http_log_status },
+    { ngx_string("status"), NGX_INT_T_LEN, ngx_http_log_status },
     { ngx_string("bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_bytes_sent },
     { ngx_string("body_bytes_sent"), NGX_OFF_T_LEN,
                           ngx_http_log_body_bytes_sent },
@@ -593,7 +593,7 @@
         status = 0;
     }
 
-    return ngx_sprintf(buf, "%ui", status);
+    return ngx_sprintf(buf, "%03ui", status);
 }
 
 

Modified: branches/stable-1.2/src/http/modules/ngx_http_rewrite_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_rewrite_module.c	2012-06-29 11:03:01 UTC (rev 4710)
+++ branches/stable-1.2/src/http/modules/ngx_http_rewrite_module.c	2012-06-29 17:28:41 UTC (rev 4711)
@@ -485,6 +485,12 @@
 
     } else {
 
+        if (ret->status > 999) {
+            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                               "invalid return code \"%V\"", &value[1]);
+            return NGX_CONF_ERROR;
+        }
+
         if (cf->args->nelts == 2) {
             return NGX_CONF_OK;
         }

Modified: branches/stable-1.2/src/http/modules/ngx_http_split_clients_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_split_clients_module.c	2012-06-29 11:03:01 UTC (rev 4710)
+++ branches/stable-1.2/src/http/modules/ngx_http_split_clients_module.c	2012-06-29 17:28:41 UTC (rev 4711)
@@ -138,6 +138,13 @@
     }
 
     name = value[2];
+
+    if (name.len < 2 || name.data[0] != '$') {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"%V\"", &name);
+        return NGX_CONF_ERROR;
+    }
+
     name.len--;
     name.data++;
 

Modified: branches/stable-1.2/src/http/ngx_http_core_module.c
===================================================================
--- branches/stable-1.2/src/http/ngx_http_core_module.c	2012-06-29 11:03:01 UTC (rev 4710)
+++ branches/stable-1.2/src/http/ngx_http_core_module.c	2012-06-29 17:28:41 UTC (rev 4711)
@@ -4662,7 +4662,7 @@
 
         code = ngx_atoi(tf[i - 1].name.data + 1, tf[i - 1].name.len - 2);
 
-        if (code == NGX_ERROR) {
+        if (code == NGX_ERROR || code > 999) {
             ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                "invalid code \"%*s\"",
                                tf[i - 1].name.len - 1, tf[i - 1].name.data);

Modified: branches/stable-1.2/src/http/ngx_http_header_filter_module.c
===================================================================
--- branches/stable-1.2/src/http/ngx_http_header_filter_module.c	2012-06-29 11:03:01 UTC (rev 4710)
+++ branches/stable-1.2/src/http/ngx_http_header_filter_module.c	2012-06-29 17:28:41 UTC (rev 4711)
@@ -445,7 +445,7 @@
         b->last = ngx_copy(b->last, status_line->data, status_line->len);
 
     } else {
-        b->last = ngx_sprintf(b->last, "%ui", status);
+        b->last = ngx_sprintf(b->last, "%03ui", status);
     }
     *b->last++ = CR; *b->last++ = LF;

More information about the nginx-devel mailing list