[PATCH] guard against zero length root
Maxim Dounin
mdounin at mdounin.ru
Mon Aug 17 12:07:25 UTC 2015
Hello!
On Sun, Aug 16, 2015 at 02:26:59PM +0300, Markus Linnala wrote:
> # HG changeset patch
> # User Markus Linnala <Markus.Linnala at cybercom.com>
> # Date 1439724126 -10800
> # Sun Aug 16 14:22:06 2015 +0300
> # Node ID ca63e42fe06db68c9c85ed5d4140cb682c60d300
> # Parent 3b6d69857de22eb03b479223727c365e9035882b
> guard against zero length root
>
> diff -r 3b6d69857de2 -r ca63e42fe06d src/http/ngx_http_core_module.c
> --- a/src/http/ngx_http_core_module.c Thu Aug 13 16:27:17 2015 +0300
> +++ b/src/http/ngx_http_core_module.c Sun Aug 16 14:22:06 2015 +0300
> @@ -4476,6 +4476,14 @@
> clcf->alias = alias ? clcf->name.len : 0;
> clcf->root = value[1];
>
> + if (clcf->root.len == 0) {
> + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> + "the \"%V\" value can not be empty",
> + &cmd->name);
> +
> + return NGX_CONF_ERROR;
> + }
> +
> if (!alias && clcf->root.data[clcf->root.len - 1] == '/') {
> clcf->root.len--;
> }
The restriction introduced looks strange. It might be better idea
to check clcf->root.len in the following test instead - as far as
I see, this test is the only problem with an empty root.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list