[PATCH] guard against zero length root

Maxim Dounin mdounin at mdounin.ru
Mon Aug 17 12:07:25 UTC 2015


Hello!

On Sun, Aug 16, 2015 at 02:26:59PM +0300, Markus Linnala wrote:

> # HG changeset patch
> # User Markus Linnala <Markus.Linnala at cybercom.com>
> # Date 1439724126 -10800
> #      Sun Aug 16 14:22:06 2015 +0300
> # Node ID ca63e42fe06db68c9c85ed5d4140cb682c60d300
> # Parent  3b6d69857de22eb03b479223727c365e9035882b
> guard against zero length root
> 
> diff -r 3b6d69857de2 -r ca63e42fe06d src/http/ngx_http_core_module.c
> --- a/src/http/ngx_http_core_module.c	Thu Aug 13 16:27:17 2015 +0300
> +++ b/src/http/ngx_http_core_module.c	Sun Aug 16 14:22:06 2015 +0300
> @@ -4476,6 +4476,14 @@
>      clcf->alias = alias ? clcf->name.len : 0;
>      clcf->root = value[1];
>  
> +    if (clcf->root.len == 0) {
> +        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> +                           "the \"%V\" value can not be empty",
> +                           &cmd->name);
> +
> +        return NGX_CONF_ERROR;
> +    }
> +
>      if (!alias && clcf->root.data[clcf->root.len - 1] == '/') {
>          clcf->root.len--;
>      }

The restriction introduced looks strange.  It might be better idea 
to check clcf->root.len in the following test instead - as far as 
I see, this test is the only problem with an empty root.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx-devel mailing list