[nginx] Disabled redirects to named locations if URI is not set.

Maxim Dounin mdounin at mdounin.ru
Thu Feb 27 16:55:08 UTC 2014

details:   http://hg.nginx.org/nginx/rev/0251f2f1dc93
changeset: 5584:0251f2f1dc93
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Thu Feb 27 20:36:35 2014 +0400
Disabled redirects to named locations if URI is not set.

If something like "error_page 400 @name" is used in a configuration,
a request could be passed to a named location without URI set, and this
in turn might result in segmentation faults or other bad effects
as most of the code assumes URI is set.

With this change nginx will catch such configuration problems in
ngx_http_named_location() and will stop request processing if URI
is not set, returning 500.


 src/http/ngx_http_core_module.c |  8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diffs (18 lines):

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -2632,6 +2632,14 @@ ngx_http_named_location(ngx_http_request
         return NGX_DONE;
+    if (r->uri.len == 0) {
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "empty URI in redirect to named location \"%V\"", name);
+        ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+        return NGX_DONE;
+    }
     cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
     if (cscf->named_locations) {

More information about the nginx-devel mailing list