[nginx] Fixed parsing of absolute URIs with empty path (ticket #2079).
Maxim Dounin
mdounin at mdounin.ru
Thu Dec 10 17:13:18 UTC 2020
details: https://hg.nginx.org/nginx/rev/8989fbd2f89a
branches:
changeset: 7752:8989fbd2f89a
user: Maxim Dounin <mdounin at mdounin.ru>
date: Thu Dec 10 20:09:30 2020 +0300
description:
Fixed parsing of absolute URIs with empty path (ticket #2079).
When the request line contains request-target in the absolute-URI form,
it can contain path-empty instead of a single slash (see RFC 7230, RFC 3986).
Previously, the ngx_http_parse_request_line() function only accepted empty
path when there was no query string.
With this change, non-empty query is also correctly handled. That is,
request line "GET http://example.com?foo HTTP/1.1" is accepted and results
in $uri "/" and $args "foo".
Note that $request_uri remains "?foo", similarly to how spaces in URIs
are handled. Providing "/?foo", similarly to how "/" is provided for
"GET http://example.com HTTP/1.1", requires allocation.
diffstat:
src/http/ngx_http_parse.c | 17 +++++++++++++++++
src/http/ngx_http_request.c | 8 ++++++--
src/http/ngx_http_request.h | 3 +++
3 files changed, 26 insertions(+), 2 deletions(-)
diffs (79 lines):
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_parse.c Thu Dec 10 20:09:30 2020 +0300
@@ -380,6 +380,12 @@ ngx_http_parse_request_line(ngx_http_req
r->uri_start = p;
state = sw_after_slash_in_uri;
break;
+ case '?':
+ r->uri_start = p;
+ r->args_start = p + 1;
+ r->empty_path_in_uri = 1;
+ state = sw_uri;
+ break;
case ' ':
/*
* use single "/" from request line to preserve pointers,
@@ -446,6 +452,13 @@ ngx_http_parse_request_line(ngx_http_req
r->uri_start = p;
state = sw_after_slash_in_uri;
break;
+ case '?':
+ r->port_end = p;
+ r->uri_start = p;
+ r->args_start = p + 1;
+ r->empty_path_in_uri = 1;
+ state = sw_uri;
+ break;
case ' ':
r->port_end = p;
/*
@@ -1287,6 +1300,10 @@ ngx_http_parse_complex_uri(ngx_http_requ
r->uri_ext = NULL;
r->args_start = NULL;
+ if (r->empty_path_in_uri) {
+ *u++ = '/';
+ }
+
ch = *p++;
while (p <= r->uri_end) {
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_request.c Thu Dec 10 20:09:30 2020 +0300
@@ -1224,7 +1224,11 @@ ngx_http_process_request_uri(ngx_http_re
r->uri.len = r->uri_end - r->uri_start;
}
- if (r->complex_uri || r->quoted_uri) {
+ if (r->complex_uri || r->quoted_uri || r->empty_path_in_uri) {
+
+ if (r->empty_path_in_uri) {
+ r->uri.len++;
+ }
r->uri.data = ngx_pnalloc(r->pool, r->uri.len + 1);
if (r->uri.data == NULL) {
@@ -1250,7 +1254,7 @@ ngx_http_process_request_uri(ngx_http_re
r->unparsed_uri.len = r->uri_end - r->uri_start;
r->unparsed_uri.data = r->uri_start;
- r->valid_unparsed_uri = r->space_in_uri ? 0 : 1;
+ r->valid_unparsed_uri = (r->space_in_uri || r->empty_path_in_uri) ? 0 : 1;
if (r->uri_ext) {
if (r->args_start) {
diff -r 7efae6b4cfb0 -r 8989fbd2f89a src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h Tue Dec 08 01:43:36 2020 +0300
+++ b/src/http/ngx_http_request.h Thu Dec 10 20:09:30 2020 +0300
@@ -470,6 +470,9 @@ struct ngx_http_request_s {
/* URI with " " */
unsigned space_in_uri:1;
+ /* URI with empty path */
+ unsigned empty_path_in_uri:1;
+
unsigned invalid_header:1;
unsigned add_uri_to_alias:1;
More information about the nginx-devel
mailing list