nginx/src/http/ngx_http_parse.c

2309 lines
56 KiB
C
Raw Normal View History

2002-08-16 01:20:26 +08:00
/*
* Copyright (C) Igor Sysoev
2012-01-18 23:07:43 +08:00
* Copyright (C) Nginx, Inc.
*/
2002-08-16 01:20:26 +08:00
#include <ngx_config.h>
2002-08-30 00:59:54 +08:00
#include <ngx_core.h>
2002-08-16 01:20:26 +08:00
#include <ngx_http.h>
2006-10-31 20:27:32 +08:00
static uint32_t usual[] = {
2006-10-28 22:36:44 +08:00
0xffffdbfe, /* 1111 1111 1111 1111 1101 1011 1111 1110 */
2006-10-28 20:04:43 +08:00
2006-10-28 22:36:44 +08:00
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
0x7fff37d6, /* 0111 1111 1111 1111 0011 0111 1101 0110 */
2006-10-28 20:04:43 +08:00
2006-10-28 22:36:44 +08:00
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
#if (NGX_WIN32)
2006-10-28 22:36:44 +08:00
0xefffffff, /* 1110 1111 1111 1111 1111 1111 1111 1111 */
#else
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
#endif
2006-10-28 20:04:43 +08:00
2006-10-28 22:36:44 +08:00
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
2006-10-28 20:04:43 +08:00
2006-10-28 22:36:44 +08:00
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};
2006-10-28 20:04:43 +08:00
#if (NGX_HAVE_LITTLE_ENDIAN && NGX_HAVE_NONALIGNED)
#define ngx_str3_cmp(m, c0, c1, c2, c3) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
#define ngx_str3Ocmp(m, c0, c1, c2, c3) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
#define ngx_str4cmp(m, c0, c1, c2, c3) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0)
#define ngx_str5cmp(m, c0, c1, c2, c3, c4) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
&& m[4] == c4
#define ngx_str6cmp(m, c0, c1, c2, c3, c4, c5) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
&& (((uint32_t *) m)[1] & 0xffff) == ((c5 << 8) | c4)
#define ngx_str7_cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
&& ((uint32_t *) m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4)
#define ngx_str8cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
&& ((uint32_t *) m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4)
#define ngx_str9cmp(m, c0, c1, c2, c3, c4, c5, c6, c7, c8) \
*(uint32_t *) m == ((c3 << 24) | (c2 << 16) | (c1 << 8) | c0) \
&& ((uint32_t *) m)[1] == ((c7 << 24) | (c6 << 16) | (c5 << 8) | c4) \
&& m[8] == c8
#else /* !(NGX_HAVE_LITTLE_ENDIAN && NGX_HAVE_NONALIGNED) */
#define ngx_str3_cmp(m, c0, c1, c2, c3) \
m[0] == c0 && m[1] == c1 && m[2] == c2
#define ngx_str3Ocmp(m, c0, c1, c2, c3) \
m[0] == c0 && m[2] == c2 && m[3] == c3
#define ngx_str4cmp(m, c0, c1, c2, c3) \
m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3
#define ngx_str5cmp(m, c0, c1, c2, c3, c4) \
m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 && m[4] == c4
#define ngx_str6cmp(m, c0, c1, c2, c3, c4, c5) \
m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
&& m[4] == c4 && m[5] == c5
#define ngx_str7_cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
&& m[4] == c4 && m[5] == c5 && m[6] == c6
#define ngx_str8cmp(m, c0, c1, c2, c3, c4, c5, c6, c7) \
m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
&& m[4] == c4 && m[5] == c5 && m[6] == c6 && m[7] == c7
#define ngx_str9cmp(m, c0, c1, c2, c3, c4, c5, c6, c7, c8) \
m[0] == c0 && m[1] == c1 && m[2] == c2 && m[3] == c3 \
&& m[4] == c4 && m[5] == c5 && m[6] == c6 && m[7] == c7 && m[8] == c8
#endif
/* gcc, icc, msvc and others compile these switches as an jump table */
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
ngx_int_t
ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
2002-08-16 01:20:26 +08:00
{
u_char c, ch, *p, *m;
2002-08-16 01:20:26 +08:00
enum {
2002-08-30 00:59:54 +08:00
sw_start = 0,
2004-04-14 13:57:36 +08:00
sw_method,
2002-08-30 00:59:54 +08:00
sw_spaces_before_uri,
2004-04-14 13:57:36 +08:00
sw_schema,
sw_schema_slash,
sw_schema_slash_slash,
sw_host_start,
2004-04-14 13:57:36 +08:00
sw_host,
sw_host_end,
sw_host_ip_literal,
2004-04-14 13:57:36 +08:00
sw_port,
2010-06-15 17:31:19 +08:00
sw_host_http_09,
2002-08-30 00:59:54 +08:00
sw_after_slash_in_uri,
sw_check_uri,
2010-06-15 17:31:19 +08:00
sw_check_uri_http_09,
2002-08-30 00:59:54 +08:00
sw_uri,
sw_http_09,
2003-05-20 00:39:14 +08:00
sw_http_H,
sw_http_HT,
sw_http_HTT,
sw_http_HTTP,
2002-08-30 00:59:54 +08:00
sw_first_major_digit,
sw_major_digit,
sw_first_minor_digit,
sw_minor_digit,
sw_spaces_after_digit,
sw_almost_done
2002-12-05 00:29:40 +08:00
} state;
state = r->state;
2002-08-16 01:20:26 +08:00
for (p = b->pos; p < b->last; p++) {
ch = *p;
2002-08-16 01:20:26 +08:00
switch (state) {
/* HTTP methods: GET, HEAD, POST */
2002-08-30 00:59:54 +08:00
case sw_start:
r->request_start = p;
2003-03-05 14:37:42 +08:00
2004-04-22 02:54:33 +08:00
if (ch == CR || ch == LF) {
break;
}
2009-07-13 17:33:34 +08:00
if ((ch < 'A' || ch > 'Z') && ch != '_') {
2003-05-20 00:39:14 +08:00
return NGX_HTTP_PARSE_INVALID_METHOD;
}
2002-08-16 01:20:26 +08:00
2004-04-14 13:57:36 +08:00
state = sw_method;
2003-05-20 00:39:14 +08:00
break;
2002-08-16 01:20:26 +08:00
2004-04-14 13:57:36 +08:00
case sw_method:
if (ch == ' ') {
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
r->method_end = p - 1;
2004-04-14 13:57:36 +08:00
m = r->request_start;
switch (p - m) {
2004-04-14 13:57:36 +08:00
case 3:
if (ngx_str3_cmp(m, 'G', 'E', 'T', ' ')) {
2004-04-14 13:57:36 +08:00
r->method = NGX_HTTP_GET;
2006-11-14 20:43:48 +08:00
break;
}
if (ngx_str3_cmp(m, 'P', 'U', 'T', ' ')) {
r->method = NGX_HTTP_PUT;
2006-11-14 20:43:48 +08:00
break;
2004-04-14 13:57:36 +08:00
}
2006-11-14 20:43:48 +08:00
break;
2004-04-14 13:57:36 +08:00
case 4:
2006-11-14 20:43:48 +08:00
if (m[1] == 'O') {
if (ngx_str3Ocmp(m, 'P', 'O', 'S', 'T')) {
2006-11-14 20:43:48 +08:00
r->method = NGX_HTTP_POST;
break;
}
if (ngx_str3Ocmp(m, 'C', 'O', 'P', 'Y')) {
2006-11-14 20:43:48 +08:00
r->method = NGX_HTTP_COPY;
break;
}
if (ngx_str3Ocmp(m, 'M', 'O', 'V', 'E')) {
2006-11-14 20:43:48 +08:00
r->method = NGX_HTTP_MOVE;
break;
}
if (ngx_str3Ocmp(m, 'L', 'O', 'C', 'K')) {
2006-11-14 20:43:48 +08:00
r->method = NGX_HTTP_LOCK;
break;
}
} else {
if (ngx_str4cmp(m, 'H', 'E', 'A', 'D')) {
2006-11-14 20:43:48 +08:00
r->method = NGX_HTTP_HEAD;
break;
}
2004-04-14 13:57:36 +08:00
}
2006-11-14 20:43:48 +08:00
break;
case 5:
if (ngx_str5cmp(m, 'M', 'K', 'C', 'O', 'L')) {
r->method = NGX_HTTP_MKCOL;
break;
}
2006-11-14 20:43:48 +08:00
2010-06-10 19:08:28 +08:00
if (ngx_str5cmp(m, 'P', 'A', 'T', 'C', 'H')) {
r->method = NGX_HTTP_PATCH;
break;
2010-06-10 19:08:28 +08:00
}
if (ngx_str5cmp(m, 'T', 'R', 'A', 'C', 'E')) {
2007-03-31 02:59:26 +08:00
r->method = NGX_HTTP_TRACE;
break;
2007-03-31 02:59:26 +08:00
}
break;
case 6:
if (ngx_str6cmp(m, 'D', 'E', 'L', 'E', 'T', 'E')) {
r->method = NGX_HTTP_DELETE;
2006-11-14 20:43:48 +08:00
break;
}
if (ngx_str6cmp(m, 'U', 'N', 'L', 'O', 'C', 'K')) {
2006-11-14 20:43:48 +08:00
r->method = NGX_HTTP_UNLOCK;
break;
}
break;
case 7:
if (ngx_str7_cmp(m, 'O', 'P', 'T', 'I', 'O', 'N', 'S', ' '))
2006-11-14 20:43:48 +08:00
{
r->method = NGX_HTTP_OPTIONS;
}
break;
case 8:
if (ngx_str8cmp(m, 'P', 'R', 'O', 'P', 'F', 'I', 'N', 'D'))
2006-11-14 20:43:48 +08:00
{
r->method = NGX_HTTP_PROPFIND;
}
2006-11-14 20:43:48 +08:00
break;
case 9:
if (ngx_str9cmp(m,
'P', 'R', 'O', 'P', 'P', 'A', 'T', 'C', 'H'))
2006-11-14 20:43:48 +08:00
{
r->method = NGX_HTTP_PROPPATCH;
}
break;
2004-04-14 13:57:36 +08:00
}
state = sw_spaces_before_uri;
2002-08-16 01:20:26 +08:00
break;
2003-05-20 00:39:14 +08:00
}
2002-08-16 01:20:26 +08:00
2009-07-13 17:33:34 +08:00
if ((ch < 'A' || ch > 'Z') && ch != '_') {
2003-05-20 00:39:14 +08:00
return NGX_HTTP_PARSE_INVALID_METHOD;
}
2004-04-14 13:57:36 +08:00
2003-05-20 00:39:14 +08:00
break;
2002-08-16 01:20:26 +08:00
2004-04-14 13:57:36 +08:00
/* space* before URI */
case sw_spaces_before_uri:
2010-06-24 00:34:54 +08:00
if (ch == '/') {
2006-10-28 18:47:11 +08:00
r->uri_start = p;
state = sw_after_slash_in_uri;
break;
}
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'z') {
r->schema_start = p;
state = sw_schema;
break;
}
2003-05-20 00:39:14 +08:00
switch (ch) {
2004-04-14 13:57:36 +08:00
case ' ':
2002-08-16 01:20:26 +08:00
break;
2003-05-20 00:39:14 +08:00
default:
2004-04-14 13:57:36 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-05-20 00:39:14 +08:00
}
break;
2002-08-16 01:20:26 +08:00
2004-04-14 13:57:36 +08:00
case sw_schema:
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'z') {
break;
}
2003-05-20 00:39:14 +08:00
switch (ch) {
2004-04-14 13:57:36 +08:00
case ':':
r->schema_end = p;
2004-04-14 13:57:36 +08:00
state = sw_schema_slash;
2003-05-20 00:39:14 +08:00
break;
default:
2004-04-14 13:57:36 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-05-20 00:39:14 +08:00
}
break;
2002-08-16 01:20:26 +08:00
2004-04-14 13:57:36 +08:00
case sw_schema_slash:
2003-05-20 00:39:14 +08:00
switch (ch) {
2004-04-14 13:57:36 +08:00
case '/':
state = sw_schema_slash_slash;
2003-05-20 00:39:14 +08:00
break;
default:
2004-04-14 13:57:36 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-05-20 00:39:14 +08:00
}
break;
2002-08-16 01:20:26 +08:00
2004-04-14 13:57:36 +08:00
case sw_schema_slash_slash:
2003-05-20 00:39:14 +08:00
switch (ch) {
2004-04-14 13:57:36 +08:00
case '/':
state = sw_host_start;
2002-08-16 01:20:26 +08:00
break;
default:
2004-04-14 13:57:36 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
break;
case sw_host_start:
r->host_start = p;
if (ch == '[') {
state = sw_host_ip_literal;
break;
}
state = sw_host;
/* fall through */
2004-04-14 13:57:36 +08:00
case sw_host:
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'z') {
break;
}
2006-10-31 20:30:24 +08:00
if ((ch >= '0' && ch <= '9') || ch == '.' || ch == '-') {
break;
}
/* fall through */
case sw_host_end:
r->host_end = p;
2002-08-16 01:20:26 +08:00
switch (ch) {
2004-04-14 13:57:36 +08:00
case ':':
state = sw_port;
break;
case '/':
r->uri_start = p;
2004-04-14 13:57:36 +08:00
state = sw_after_slash_in_uri;
2002-08-16 01:20:26 +08:00
break;
case ' ':
/*
* use single "/" from request line to preserve pointers,
* if request line will be copied to large client buffer
*/
r->uri_start = r->schema_end + 1;
r->uri_end = r->schema_end + 2;
2010-06-15 17:31:19 +08:00
state = sw_host_http_09;
break;
2002-08-16 01:20:26 +08:00
default:
2004-04-14 13:57:36 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
break;
case sw_host_ip_literal:
if (ch >= '0' && ch <= '9') {
break;
}
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'z') {
break;
}
switch (ch) {
case ':':
break;
case ']':
state = sw_host_end;
break;
case '-':
case '.':
case '_':
case '~':
/* unreserved */
break;
case '!':
case '$':
case '&':
case '\'':
case '(':
case ')':
case '*':
case '+':
case ',':
case ';':
case '=':
/* sub-delims */
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
2004-04-14 13:57:36 +08:00
case sw_port:
if (ch >= '0' && ch <= '9') {
break;
}
2002-08-16 01:20:26 +08:00
switch (ch) {
case '/':
r->port_end = p;
r->uri_start = p;
2002-08-30 00:59:54 +08:00
state = sw_after_slash_in_uri;
2002-08-16 01:20:26 +08:00
break;
case ' ':
r->port_end = p;
/*
* use single "/" from request line to preserve pointers,
* if request line will be copied to large client buffer
*/
r->uri_start = r->schema_end + 1;
r->uri_end = r->schema_end + 2;
2010-06-15 17:31:19 +08:00
state = sw_host_http_09;
break;
2002-08-16 01:20:26 +08:00
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
break;
2010-06-15 17:31:19 +08:00
/* space+ after "http://host[:port] " */
case sw_host_http_09:
switch (ch) {
case ' ':
break;
case CR:
r->http_minor = 9;
state = sw_almost_done;
break;
case LF:
r->http_minor = 9;
goto done;
case 'H':
r->http_protocol.data = p;
state = sw_http_H;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
/* check "/.", "//", "%", and "\" (Win32) in URI */
2002-08-30 00:59:54 +08:00
case sw_after_slash_in_uri:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
state = sw_check_uri;
break;
}
2002-08-16 01:20:26 +08:00
switch (ch) {
case ' ':
r->uri_end = p;
2010-06-15 17:31:19 +08:00
state = sw_check_uri_http_09;
break;
2002-08-16 01:20:26 +08:00
case CR:
r->uri_end = p;
2002-08-16 01:20:26 +08:00
r->http_minor = 9;
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
r->uri_end = p;
2002-08-16 01:20:26 +08:00
r->http_minor = 9;
goto done;
2002-08-16 01:20:26 +08:00
case '.':
r->complex_uri = 1;
2002-08-30 00:59:54 +08:00
state = sw_uri;
2002-08-16 01:20:26 +08:00
break;
case '%':
r->quoted_uri = 1;
state = sw_uri;
break;
case '/':
r->complex_uri = 1;
state = sw_uri;
break;
#if (NGX_WIN32)
case '\\':
r->complex_uri = 1;
state = sw_uri;
break;
#endif
case '?':
r->args_start = p + 1;
state = sw_uri;
2002-08-16 01:20:26 +08:00
break;
2006-10-28 18:15:31 +08:00
case '#':
r->complex_uri = 1;
state = sw_uri;
break;
case '+':
r->plus_in_uri = 1;
break;
case '\0':
2010-05-24 20:35:10 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
default:
2002-08-30 00:59:54 +08:00
state = sw_check_uri;
2002-08-16 01:20:26 +08:00
break;
}
break;
/* check "/", "%" and "\" (Win32) in URI */
2002-08-30 00:59:54 +08:00
case sw_check_uri:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
break;
}
2002-08-16 01:20:26 +08:00
switch (ch) {
case '/':
#if (NGX_WIN32)
if (r->uri_ext == p) {
r->complex_uri = 1;
state = sw_uri;
break;
}
#endif
r->uri_ext = NULL;
state = sw_after_slash_in_uri;
break;
case '.':
r->uri_ext = p + 1;
break;
case ' ':
r->uri_end = p;
2010-06-15 17:31:19 +08:00
state = sw_check_uri_http_09;
break;
2002-08-16 01:20:26 +08:00
case CR:
r->uri_end = p;
2002-08-16 01:20:26 +08:00
r->http_minor = 9;
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
r->uri_end = p;
2002-08-16 01:20:26 +08:00
r->http_minor = 9;
goto done;
#if (NGX_WIN32)
case '\\':
r->complex_uri = 1;
state = sw_after_slash_in_uri;
break;
#endif
2003-06-02 23:24:30 +08:00
case '%':
r->quoted_uri = 1;
2003-06-02 23:24:30 +08:00
state = sw_uri;
break;
2002-08-16 01:20:26 +08:00
case '?':
r->args_start = p + 1;
2002-08-30 00:59:54 +08:00
state = sw_uri;
2002-08-16 01:20:26 +08:00
break;
2006-10-28 18:15:31 +08:00
case '#':
r->complex_uri = 1;
state = sw_uri;
break;
case '+':
r->plus_in_uri = 1;
break;
case '\0':
2010-05-24 20:35:10 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
break;
2010-06-15 17:31:19 +08:00
/* space+ after URI */
case sw_check_uri_http_09:
switch (ch) {
case ' ':
break;
case CR:
r->http_minor = 9;
state = sw_almost_done;
break;
case LF:
r->http_minor = 9;
goto done;
case 'H':
r->http_protocol.data = p;
state = sw_http_H;
break;
default:
r->space_in_uri = 1;
state = sw_check_uri;
p--;
2010-06-15 17:31:19 +08:00
break;
}
break;
2002-08-16 01:20:26 +08:00
/* URI */
2002-08-30 00:59:54 +08:00
case sw_uri:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
break;
}
2002-08-16 01:20:26 +08:00
switch (ch) {
case ' ':
r->uri_end = p;
state = sw_http_09;
break;
2002-08-16 01:20:26 +08:00
case CR:
r->uri_end = p;
2002-08-16 01:20:26 +08:00
r->http_minor = 9;
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
r->uri_end = p;
2002-08-16 01:20:26 +08:00
r->http_minor = 9;
goto done;
2006-10-28 18:15:31 +08:00
case '#':
r->complex_uri = 1;
break;
case '\0':
2010-05-24 20:35:10 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
break;
/* space+ after URI */
2002-08-30 00:59:54 +08:00
case sw_http_09:
2002-08-16 01:20:26 +08:00
switch (ch) {
case ' ':
break;
case CR:
r->http_minor = 9;
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
r->http_minor = 9;
goto done;
2002-08-16 01:20:26 +08:00
case 'H':
r->http_protocol.data = p;
2003-05-20 00:39:14 +08:00
state = sw_http_H;
break;
default:
2010-06-15 17:31:19 +08:00
r->space_in_uri = 1;
state = sw_uri;
p--;
2010-06-15 17:31:19 +08:00
break;
2003-05-20 00:39:14 +08:00
}
break;
case sw_http_H:
switch (ch) {
case 'T':
state = sw_http_HT;
2002-08-16 01:20:26 +08:00
break;
default:
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
break;
2003-05-20 00:39:14 +08:00
case sw_http_HT:
switch (ch) {
case 'T':
state = sw_http_HTT;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
2003-05-20 00:39:14 +08:00
break;
2002-08-16 01:20:26 +08:00
2003-05-20 00:39:14 +08:00
case sw_http_HTT:
switch (ch) {
case 'P':
state = sw_http_HTTP;
break;
default:
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-01-09 13:36:00 +08:00
}
2003-05-20 00:39:14 +08:00
break;
2002-08-16 01:20:26 +08:00
2003-05-20 00:39:14 +08:00
case sw_http_HTTP:
switch (ch) {
case '/':
state = sw_first_major_digit;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
2002-08-16 01:20:26 +08:00
break;
/* first digit of major HTTP version */
2002-08-30 00:59:54 +08:00
case sw_first_major_digit:
2003-01-09 13:36:00 +08:00
if (ch < '1' || ch > '9') {
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-01-09 13:36:00 +08:00
}
2002-08-16 01:20:26 +08:00
r->http_major = ch - '0';
2002-08-30 00:59:54 +08:00
state = sw_major_digit;
2002-08-16 01:20:26 +08:00
break;
/* major HTTP version or dot */
2002-08-30 00:59:54 +08:00
case sw_major_digit:
2002-08-16 01:20:26 +08:00
if (ch == '.') {
2002-08-30 00:59:54 +08:00
state = sw_first_minor_digit;
2002-08-16 01:20:26 +08:00
break;
}
2003-01-09 13:36:00 +08:00
if (ch < '0' || ch > '9') {
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-01-09 13:36:00 +08:00
}
2002-08-16 01:20:26 +08:00
r->http_major = r->http_major * 10 + ch - '0';
break;
/* first digit of minor HTTP version */
2002-08-30 00:59:54 +08:00
case sw_first_minor_digit:
2003-01-09 13:36:00 +08:00
if (ch < '0' || ch > '9') {
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-01-09 13:36:00 +08:00
}
2002-08-16 01:20:26 +08:00
r->http_minor = ch - '0';
2002-08-30 00:59:54 +08:00
state = sw_minor_digit;
2002-08-16 01:20:26 +08:00
break;
/* minor HTTP version or end of request line */
2002-08-30 00:59:54 +08:00
case sw_minor_digit:
2002-08-16 01:20:26 +08:00
if (ch == CR) {
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
}
if (ch == LF) {
goto done;
2002-08-16 01:20:26 +08:00
}
if (ch == ' ') {
state = sw_spaces_after_digit;
break;
}
2003-01-09 13:36:00 +08:00
if (ch < '0' || ch > '9') {
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2003-01-09 13:36:00 +08:00
}
2002-08-16 01:20:26 +08:00
r->http_minor = r->http_minor * 10 + ch - '0';
break;
case sw_spaces_after_digit:
switch (ch) {
case ' ':
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
2002-08-16 01:20:26 +08:00
/* end of request line */
2002-08-30 00:59:54 +08:00
case sw_almost_done:
r->request_end = p - 1;
2002-08-16 01:20:26 +08:00
switch (ch) {
case LF:
goto done;
2002-08-16 01:20:26 +08:00
default:
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
2002-08-16 01:20:26 +08:00
}
}
}
b->pos = p;
r->state = state;
2002-08-16 01:20:26 +08:00
return NGX_AGAIN;
2003-01-09 13:36:00 +08:00
done:
2003-01-09 13:36:00 +08:00
b->pos = p + 1;
if (r->request_end == NULL) {
r->request_end = p;
}
2003-01-09 13:36:00 +08:00
r->http_version = r->http_major * 1000 + r->http_minor;
r->state = sw_start;
2003-05-15 23:42:53 +08:00
if (r->http_version == 9 && r->method != NGX_HTTP_GET) {
return NGX_HTTP_PARSE_INVALID_09_METHOD;
2002-08-16 01:20:26 +08:00
}
return NGX_OK;
2002-08-16 01:20:26 +08:00
}
2003-11-29 01:41:47 +08:00
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
ngx_int_t
2008-09-24 22:02:50 +08:00
ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
ngx_uint_t allow_underscores)
2002-08-16 01:20:26 +08:00
{
u_char c, ch, *p;
ngx_uint_t hash, i;
2003-11-29 01:41:47 +08:00
enum {
2002-08-30 00:59:54 +08:00
sw_start = 0,
sw_name,
sw_space_before_value,
sw_value,
sw_space_after_value,
sw_ignore_line,
2002-08-30 00:59:54 +08:00
sw_almost_done,
sw_header_almost_done
2002-12-05 00:29:40 +08:00
} state;
2006-10-17 20:47:14 +08:00
/* the last '\0' is not needed because string is zero terminated */
static u_char lowcase[] =
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
"\0\0\0\0\0\0\0\0\0\0\0\0\0-\0\0" "0123456789\0\0\0\0\0\0"
2008-09-24 22:02:50 +08:00
"\0abcdefghijklmnopqrstuvwxyz\0\0\0\0\0"
"\0abcdefghijklmnopqrstuvwxyz\0\0\0\0\0"
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
2006-10-17 20:47:14 +08:00
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
2002-12-05 00:29:40 +08:00
state = r->state;
hash = r->header_hash;
i = r->lowcase_index;
2002-08-16 01:20:26 +08:00
for (p = b->pos; p < b->last; p++) {
ch = *p;
2002-08-16 01:20:26 +08:00
switch (state) {
/* first char */
2002-08-30 00:59:54 +08:00
case sw_start:
r->header_name_start = p;
r->invalid_header = 0;
2002-08-16 01:20:26 +08:00
switch (ch) {
case CR:
r->header_end = p;
2002-08-30 00:59:54 +08:00
state = sw_header_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
r->header_end = p;
goto header_done;
2002-08-16 01:20:26 +08:00
default:
2002-08-30 00:59:54 +08:00
state = sw_name;
2002-08-16 01:20:26 +08:00
c = lowcase[ch];
2002-08-16 01:20:26 +08:00
if (c) {
hash = ngx_hash(0, c);
r->lowcase_header[0] = c;
i = 1;
2002-08-16 01:20:26 +08:00
break;
2003-01-09 13:36:00 +08:00
}
2002-08-16 01:20:26 +08:00
if (ch == '_') {
if (allow_underscores) {
hash = ngx_hash(0, ch);
r->lowcase_header[0] = ch;
i = 1;
} else {
r->invalid_header = 1;
}
break;
}
if (ch == '\0') {
return NGX_HTTP_PARSE_INVALID_HEADER;
}
r->invalid_header = 1;
break;
2002-08-16 01:20:26 +08:00
}
break;
/* header name */
2002-08-30 00:59:54 +08:00
case sw_name:
c = lowcase[ch];
if (c) {
hash = ngx_hash(hash, c);
r->lowcase_header[i++] = c;
2008-03-16 21:29:49 +08:00
i &= (NGX_HTTP_LC_HEADER_LEN - 1);
2002-08-16 01:20:26 +08:00
break;
2003-01-09 13:36:00 +08:00
}
2002-08-16 01:20:26 +08:00
2008-09-24 22:02:50 +08:00
if (ch == '_') {
if (allow_underscores) {
hash = ngx_hash(hash, ch);
r->lowcase_header[i++] = ch;
i &= (NGX_HTTP_LC_HEADER_LEN - 1);
} else {
r->invalid_header = 1;
}
break;
}
2002-08-16 01:20:26 +08:00
if (ch == ':') {
r->header_name_end = p;
2002-08-30 00:59:54 +08:00
state = sw_space_before_value;
2002-08-16 01:20:26 +08:00
break;
}
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
if (ch == CR) {
r->header_name_end = p;
r->header_start = p;
r->header_end = p;
state = sw_almost_done;
break;
}
if (ch == LF) {
r->header_name_end = p;
r->header_start = p;
r->header_end = p;
goto done;
}
/* IIS may send the duplicate "HTTP/1.1 ..." lines */
2003-04-09 23:42:08 +08:00
if (ch == '/'
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
&& r->upstream
&& p - r->header_name_start == 4
&& ngx_strncmp(r->header_name_start, "HTTP", 4) == 0)
2003-04-09 23:42:08 +08:00
{
state = sw_ignore_line;
break;
2003-04-08 23:40:10 +08:00
}
if (ch == '\0') {
return NGX_HTTP_PARSE_INVALID_HEADER;
}
r->invalid_header = 1;
break;
2002-08-16 01:20:26 +08:00
/* space* before header value */
2002-08-30 00:59:54 +08:00
case sw_space_before_value:
2002-08-16 01:20:26 +08:00
switch (ch) {
case ' ':
break;
case CR:
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
r->header_start = p;
r->header_end = p;
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
r->header_start = p;
r->header_end = p;
goto done;
case '\0':
return NGX_HTTP_PARSE_INVALID_HEADER;
2002-08-16 01:20:26 +08:00
default:
r->header_start = p;
2002-08-30 00:59:54 +08:00
state = sw_value;
2002-08-16 01:20:26 +08:00
break;
}
break;
/* header value */
2002-08-30 00:59:54 +08:00
case sw_value:
2002-08-16 01:20:26 +08:00
switch (ch) {
case ' ':
r->header_end = p;
2002-08-30 00:59:54 +08:00
state = sw_space_after_value;
2002-08-16 01:20:26 +08:00
break;
case CR:
r->header_end = p;
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
r->header_end = p;
goto done;
case '\0':
return NGX_HTTP_PARSE_INVALID_HEADER;
2002-08-16 01:20:26 +08:00
}
break;
/* space* before end of header line */
2002-08-30 00:59:54 +08:00
case sw_space_after_value:
2002-08-16 01:20:26 +08:00
switch (ch) {
case ' ':
break;
case CR:
2002-08-30 00:59:54 +08:00
state = sw_almost_done;
2002-08-16 01:20:26 +08:00
break;
case LF:
goto done;
case '\0':
return NGX_HTTP_PARSE_INVALID_HEADER;
2002-08-16 01:20:26 +08:00
default:
2002-08-30 00:59:54 +08:00
state = sw_value;
2002-08-16 01:20:26 +08:00
break;
}
break;
2003-04-08 23:40:10 +08:00
/* ignore header line */
case sw_ignore_line:
switch (ch) {
case LF:
state = sw_start;
break;
default:
break;
}
break;
2002-08-16 01:20:26 +08:00
/* end of header line */
2002-08-30 00:59:54 +08:00
case sw_almost_done:
2002-08-16 01:20:26 +08:00
switch (ch) {
case LF:
goto done;
2008-03-17 00:47:16 +08:00
case CR:
break;
2002-08-16 01:20:26 +08:00
default:
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_HEADER;
2002-08-16 01:20:26 +08:00
}
break;
2002-08-16 01:20:26 +08:00
/* end of header */
2002-08-30 00:59:54 +08:00
case sw_header_almost_done:
2002-08-16 01:20:26 +08:00
switch (ch) {
case LF:
goto header_done;
2002-08-16 01:20:26 +08:00
default:
2002-09-13 22:47:42 +08:00
return NGX_HTTP_PARSE_INVALID_HEADER;
2002-08-16 01:20:26 +08:00
}
}
}
b->pos = p;
r->state = state;
r->header_hash = hash;
r->lowcase_index = i;
2002-08-16 01:20:26 +08:00
return NGX_AGAIN;
2003-01-09 13:36:00 +08:00
done:
2003-01-09 13:36:00 +08:00
b->pos = p + 1;
r->state = sw_start;
r->header_hash = hash;
r->lowcase_index = i;
return NGX_OK;
header_done:
b->pos = p + 1;
r->state = sw_start;
return NGX_HTTP_PARSE_HEADER_DONE;
2002-08-16 01:20:26 +08:00
}
2003-11-29 01:41:47 +08:00
ngx_int_t
ngx_http_parse_uri(ngx_http_request_t *r)
{
u_char *p, ch;
enum {
sw_start = 0,
sw_after_slash_in_uri,
sw_check_uri,
sw_uri
} state;
state = sw_start;
for (p = r->uri_start; p != r->uri_end; p++) {
ch = *p;
switch (state) {
case sw_start:
if (ch != '/') {
return NGX_ERROR;
}
state = sw_after_slash_in_uri;
break;
/* check "/.", "//", "%", and "\" (Win32) in URI */
case sw_after_slash_in_uri:
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
state = sw_check_uri;
break;
}
switch (ch) {
case ' ':
r->space_in_uri = 1;
state = sw_check_uri;
break;
case '.':
r->complex_uri = 1;
state = sw_uri;
break;
case '%':
r->quoted_uri = 1;
state = sw_uri;
break;
case '/':
r->complex_uri = 1;
state = sw_uri;
break;
#if (NGX_WIN32)
case '\\':
r->complex_uri = 1;
state = sw_uri;
break;
#endif
case '?':
r->args_start = p + 1;
state = sw_uri;
break;
case '#':
r->complex_uri = 1;
state = sw_uri;
break;
case '+':
r->plus_in_uri = 1;
break;
default:
state = sw_check_uri;
break;
}
break;
/* check "/", "%" and "\" (Win32) in URI */
case sw_check_uri:
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
break;
}
switch (ch) {
case '/':
#if (NGX_WIN32)
if (r->uri_ext == p) {
r->complex_uri = 1;
state = sw_uri;
break;
}
#endif
r->uri_ext = NULL;
state = sw_after_slash_in_uri;
break;
case '.':
r->uri_ext = p + 1;
break;
case ' ':
r->space_in_uri = 1;
break;
#if (NGX_WIN32)
case '\\':
r->complex_uri = 1;
state = sw_after_slash_in_uri;
break;
#endif
case '%':
r->quoted_uri = 1;
state = sw_uri;
break;
case '?':
r->args_start = p + 1;
state = sw_uri;
break;
case '#':
r->complex_uri = 1;
state = sw_uri;
break;
case '+':
r->plus_in_uri = 1;
break;
}
break;
/* URI */
case sw_uri:
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
break;
}
switch (ch) {
case ' ':
r->space_in_uri = 1;
break;
case '#':
r->complex_uri = 1;
break;
}
break;
}
}
return NGX_OK;
}
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
ngx_int_t
2007-10-18 19:36:58 +08:00
ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
2003-11-29 01:41:47 +08:00
{
2004-03-16 15:10:12 +08:00
u_char c, ch, decoded, *p, *u;
2003-11-29 01:41:47 +08:00
enum {
sw_usual = 0,
sw_slash,
sw_dot,
sw_dot_dot,
sw_quoted,
sw_quoted_second
} state, quoted_state;
#if (NGX_SUPPRESS_WARN)
2003-11-29 01:41:47 +08:00
decoded = '\0';
quoted_state = sw_usual;
#endif
2003-11-29 01:41:47 +08:00
state = sw_usual;
p = r->uri_start;
u = r->uri.data;
2003-12-01 04:03:18 +08:00
r->uri_ext = NULL;
r->args_start = NULL;
2003-11-29 01:41:47 +08:00
ch = *p++;
while (p <= r->uri_end) {
/*
* we use "ch = *p++" inside the cycle, but this operation is safe,
* because after the URI there is always at least one character:
* the line feed
*/
2003-11-29 01:41:47 +08:00
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"s:%d in:'%Xd:%c'", state, ch, ch);
2003-11-29 01:41:47 +08:00
switch (state) {
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
2003-11-29 01:41:47 +08:00
case sw_usual:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
*u++ = ch;
ch = *p++;
break;
}
2003-11-29 01:41:47 +08:00
switch(ch) {
#if (NGX_WIN32)
case '\\':
if (u - 2 >= r->uri.data
&& *(u - 1) == '.' && *(u - 2) != '.')
{
u--;
}
r->uri_ext = NULL;
if (p == r->uri_start + r->uri.len) {
/*
* we omit the last "\" to cause redirect because
* the browsers do not treat "\" as "/" in relative URL path
*/
break;
}
state = sw_slash;
*u++ = '/';
break;
#endif
2003-11-29 01:41:47 +08:00
case '/':
#if (NGX_WIN32)
if (u - 2 >= r->uri.data
&& *(u - 1) == '.' && *(u - 2) != '.')
{
u--;
}
#endif
2003-12-01 04:03:18 +08:00
r->uri_ext = NULL;
2003-11-29 01:41:47 +08:00
state = sw_slash;
*u++ = ch;
break;
case '%':
quoted_state = state;
state = sw_quoted;
break;
case '?':
r->args_start = p;
2006-10-28 18:15:31 +08:00
goto args;
case '#':
goto done;
2003-12-01 04:03:18 +08:00
case '.':
r->uri_ext = u + 1;
*u++ = ch;
break;
case '+':
r->plus_in_uri = 1;
/* fall through */
default:
*u++ = ch;
break;
}
2006-10-28 20:04:43 +08:00
ch = *p++;
break;
2003-11-29 01:41:47 +08:00
case sw_slash:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
state = sw_usual;
*u++ = ch;
ch = *p++;
break;
}
2003-11-29 01:41:47 +08:00
switch(ch) {
#if (NGX_WIN32)
case '\\':
2007-10-18 19:36:58 +08:00
break;
#endif
2003-11-29 01:41:47 +08:00
case '/':
2007-12-14 22:33:00 +08:00
if (!merge_slashes) {
2007-10-18 19:36:58 +08:00
*u++ = ch;
}
2003-11-29 01:41:47 +08:00
break;
case '.':
state = sw_dot;
*u++ = ch;
break;
case '%':
quoted_state = state;
state = sw_quoted;
break;
case '?':
r->args_start = p;
2006-10-28 18:15:31 +08:00
goto args;
case '#':
goto done;
case '+':
r->plus_in_uri = 1;
2003-11-29 01:41:47 +08:00
default:
state = sw_usual;
*u++ = ch;
break;
}
2006-10-28 20:04:43 +08:00
2003-11-29 01:41:47 +08:00
ch = *p++;
break;
case sw_dot:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
state = sw_usual;
*u++ = ch;
ch = *p++;
break;
}
2003-11-29 01:41:47 +08:00
switch(ch) {
#if (NGX_WIN32)
case '\\':
#endif
2003-11-29 01:41:47 +08:00
case '/':
state = sw_slash;
u--;
break;
case '.':
state = sw_dot_dot;
*u++ = ch;
break;
case '%':
quoted_state = state;
state = sw_quoted;
break;
case '?':
r->args_start = p;
2006-10-28 18:15:31 +08:00
goto args;
case '#':
goto done;
case '+':
r->plus_in_uri = 1;
2003-11-29 01:41:47 +08:00
default:
state = sw_usual;
*u++ = ch;
break;
}
2006-10-28 20:04:43 +08:00
2003-11-29 01:41:47 +08:00
ch = *p++;
break;
case sw_dot_dot:
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
state = sw_usual;
*u++ = ch;
ch = *p++;
break;
}
2003-11-29 01:41:47 +08:00
switch(ch) {
#if (NGX_WIN32)
case '\\':
#endif
2003-11-29 01:41:47 +08:00
case '/':
state = sw_slash;
2009-09-14 15:42:01 +08:00
u -= 5;
for ( ;; ) {
if (u < r->uri.data) {
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
if (*u == '/') {
u++;
break;
}
2003-11-29 01:41:47 +08:00
u--;
}
break;
case '%':
quoted_state = state;
state = sw_quoted;
break;
case '?':
r->args_start = p;
2006-10-28 18:15:31 +08:00
goto args;
case '#':
goto done;
case '+':
r->plus_in_uri = 1;
2003-11-29 01:41:47 +08:00
default:
state = sw_usual;
*u++ = ch;
break;
}
2006-10-28 20:04:43 +08:00
2003-11-29 01:41:47 +08:00
ch = *p++;
break;
case sw_quoted:
r->quoted_uri = 1;
2003-11-29 01:41:47 +08:00
if (ch >= '0' && ch <= '9') {
2004-03-16 21:35:20 +08:00
decoded = (u_char) (ch - '0');
2003-11-29 01:41:47 +08:00
state = sw_quoted_second;
ch = *p++;
break;
}
2004-03-16 21:35:20 +08:00
c = (u_char) (ch | 0x20);
2003-11-29 01:41:47 +08:00
if (c >= 'a' && c <= 'f') {
2004-03-16 21:35:20 +08:00
decoded = (u_char) (c - 'a' + 10);
2003-11-29 01:41:47 +08:00
state = sw_quoted_second;
ch = *p++;
break;
}
return NGX_HTTP_PARSE_INVALID_REQUEST;
case sw_quoted_second:
if (ch >= '0' && ch <= '9') {
2004-03-16 21:35:20 +08:00
ch = (u_char) ((decoded << 4) + ch - '0');
if (ch == '%' || ch == '#') {
2003-12-03 00:57:05 +08:00
state = sw_usual;
*u++ = ch;
ch = *p++;
break;
2006-10-28 18:15:31 +08:00
} else if (ch == '\0') {
2010-05-24 20:35:10 +08:00
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
2003-11-29 01:41:47 +08:00
state = quoted_state;
break;
}
2004-03-16 21:35:20 +08:00
c = (u_char) (ch | 0x20);
2003-11-29 01:41:47 +08:00
if (c >= 'a' && c <= 'f') {
2004-03-16 21:35:20 +08:00
ch = (u_char) ((decoded << 4) + c - 'a' + 10);
if (ch == '?') {
state = sw_usual;
2003-12-03 00:57:05 +08:00
*u++ = ch;
ch = *p++;
break;
} else if (ch == '+') {
r->plus_in_uri = 1;
2003-12-03 00:57:05 +08:00
}
2003-11-29 01:41:47 +08:00
state = quoted_state;
break;
}
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
}
done:
2003-11-29 01:41:47 +08:00
r->uri.len = u - r->uri.data;
2003-12-01 04:03:18 +08:00
if (r->uri_ext) {
r->exten.len = u - r->uri_ext;
r->exten.data = r->uri_ext;
2003-12-01 04:03:18 +08:00
}
r->uri_ext = NULL;
2006-10-28 18:15:31 +08:00
return NGX_OK;
args:
while (p < r->uri_end) {
if (*p++ != '#') {
continue;
}
r->args.len = p - 1 - r->args_start;
r->args.data = r->args_start;
r->args_start = NULL;
break;
}
r->uri.len = u - r->uri.data;
if (r->uri_ext) {
r->exten.len = u - r->uri_ext;
r->exten.data = r->uri_ext;
}
r->uri_ext = NULL;
2003-11-29 01:41:47 +08:00
return NGX_OK;
}
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
2010-06-15 23:13:34 +08:00
ngx_int_t
ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
ngx_http_status_t *status)
{
u_char ch;
u_char *p;
enum {
sw_start = 0,
sw_H,
sw_HT,
sw_HTT,
sw_HTTP,
sw_first_major_digit,
sw_major_digit,
sw_first_minor_digit,
sw_minor_digit,
sw_status,
sw_space_after_status,
sw_status_text,
sw_almost_done
} state;
state = r->state;
for (p = b->pos; p < b->last; p++) {
ch = *p;
switch (state) {
/* "HTTP/" */
case sw_start:
switch (ch) {
case 'H':
state = sw_H;
break;
default:
return NGX_ERROR;
}
break;
case sw_H:
switch (ch) {
case 'T':
state = sw_HT;
break;
default:
return NGX_ERROR;
}
break;
case sw_HT:
switch (ch) {
case 'T':
state = sw_HTT;
break;
default:
return NGX_ERROR;
}
break;
case sw_HTT:
switch (ch) {
case 'P':
state = sw_HTTP;
break;
default:
return NGX_ERROR;
}
break;
case sw_HTTP:
switch (ch) {
case '/':
state = sw_first_major_digit;
break;
default:
return NGX_ERROR;
}
break;
/* the first digit of major HTTP version */
case sw_first_major_digit:
if (ch < '1' || ch > '9') {
return NGX_ERROR;
}
r->http_major = ch - '0';
2010-06-15 23:13:34 +08:00
state = sw_major_digit;
break;
/* the major HTTP version or dot */
case sw_major_digit:
if (ch == '.') {
state = sw_first_minor_digit;
break;
}
if (ch < '0' || ch > '9') {
return NGX_ERROR;
}
r->http_major = r->http_major * 10 + ch - '0';
2010-06-15 23:13:34 +08:00
break;
/* the first digit of minor HTTP version */
case sw_first_minor_digit:
if (ch < '0' || ch > '9') {
return NGX_ERROR;
}
r->http_minor = ch - '0';
2010-06-15 23:13:34 +08:00
state = sw_minor_digit;
break;
/* the minor HTTP version or the end of the request line */
case sw_minor_digit:
if (ch == ' ') {
state = sw_status;
break;
}
if (ch < '0' || ch > '9') {
return NGX_ERROR;
}
r->http_minor = r->http_minor * 10 + ch - '0';
2010-06-15 23:13:34 +08:00
break;
/* HTTP status code */
case sw_status:
if (ch == ' ') {
break;
}
if (ch < '0' || ch > '9') {
return NGX_ERROR;
}
status->code = status->code * 10 + ch - '0';
if (++status->count == 3) {
state = sw_space_after_status;
status->start = p - 2;
}
break;
/* space or end of line */
case sw_space_after_status:
switch (ch) {
case ' ':
state = sw_status_text;
break;
case '.': /* IIS may send 403.1, 403.2, etc */
state = sw_status_text;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
default:
return NGX_ERROR;
}
break;
/* any text until end of line */
case sw_status_text:
switch (ch) {
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
/* end of status line */
case sw_almost_done:
status->end = p - 1;
switch (ch) {
case LF:
goto done;
default:
return NGX_ERROR;
}
}
}
b->pos = p;
r->state = state;
return NGX_AGAIN;
done:
b->pos = p + 1;
if (status->end == NULL) {
status->end = p;
}
status->http_version = r->http_major * 1000 + r->http_minor;
2010-06-15 23:13:34 +08:00
r->state = sw_start;
return NGX_OK;
}
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
ngx_int_t
ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
ngx_str_t *args, ngx_uint_t *flags)
{
u_char ch, *p, *src, *dst;
size_t len;
ngx_uint_t quoted;
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
len = uri->len;
p = uri->data;
quoted = 0;
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
if (len == 0 || p[0] == '?') {
goto unsafe;
}
if (p[0] == '.' && len > 1 && p[1] == '.'
&& (len == 2 || ngx_path_separator(p[2])))
{
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
goto unsafe;
}
for ( /* void */ ; len; len--) {
ch = *p++;
if (ch == '%') {
quoted = 1;
continue;
}
2006-10-28 20:04:43 +08:00
if (usual[ch >> 5] & (1 << (ch & 0x1f))) {
continue;
}
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
if (ch == '?') {
args->len = len - 1;
args->data = p;
uri->len -= len;
break;
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
}
if (ch == '\0') {
2010-05-24 20:35:10 +08:00
goto unsafe;
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
}
2009-04-24 00:38:59 +08:00
if (ngx_path_separator(ch) && len > 2) {
/* detect "/../" and "/.." */
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
if (p[0] == '.' && p[1] == '.'
&& (len == 3 || ngx_path_separator(p[2])))
{
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
goto unsafe;
}
}
}
if (quoted) {
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"escaped URI: \"%V\"", uri);
src = uri->data;
dst = ngx_pnalloc(r->pool, uri->len);
if (dst == NULL) {
return NGX_ERROR;
}
uri->data = dst;
ngx_unescape_uri(&dst, &src, uri->len, 0);
uri->len = dst - uri->data;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"unescaped URI: \"%V\"", uri);
len = uri->len;
p = uri->data;
if (p[0] == '.' && len > 1 && p[1] == '.'
&& (len == 2 || ngx_path_separator(p[2])))
{
goto unsafe;
}
for ( /* void */ ; len; len--) {
ch = *p++;
if (ch == '\0') {
goto unsafe;
}
if (ngx_path_separator(ch) && len > 2) {
/* detect "/../" and "/.." */
if (p[0] == '.' && p[1] == '.'
&& (len == 3 || ngx_path_separator(p[2])))
{
goto unsafe;
}
}
}
}
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
return NGX_OK;
unsafe:
2009-09-25 17:30:06 +08:00
if (*flags & NGX_HTTP_LOG_UNSAFE) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"unsafe URI \"%V\" was detected", uri);
}
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
return NGX_ERROR;
}
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
ngx_int_t
ngx_http_parse_multi_header_lines(ngx_array_t *headers, ngx_str_t *name,
ngx_str_t *value)
{
ngx_uint_t i;
u_char *start, *last, *end, ch;
ngx_table_elt_t **h;
h = headers->elts;
for (i = 0; i < headers->nelts; i++) {
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, headers->pool->log, 0,
"parse header: \"%V: %V\"", &h[i]->key, &h[i]->value);
if (name->len > h[i]->value.len) {
continue;
}
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
start = h[i]->value.data;
end = h[i]->value.data + h[i]->value.len;
while (start < end) {
if (ngx_strncasecmp(start, name->data, name->len) != 0) {
goto skip;
}
for (start += name->len; start < end && *start == ' '; start++) {
/* void */
}
if (value == NULL) {
if (start == end || *start == ',') {
return i;
}
goto skip;
}
if (start == end || *start++ != '=') {
/* the invalid header value */
goto skip;
}
while (start < end && *start == ' ') { start++; }
for (last = start; last < end && *last != ';'; last++) {
/* void */
}
value->len = last - start;
value->data = start;
return i;
skip:
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
while (start < end) {
ch = *start++;
if (ch == ';' || ch == ',') {
break;
}
}
while (start < end && *start == ' ') { start++; }
}
}
return NGX_DECLINED;
}
2008-12-22 20:02:05 +08:00
ngx_int_t
ngx_http_arg(ngx_http_request_t *r, u_char *name, size_t len, ngx_str_t *value)
{
u_char *p, *last;
2008-12-22 20:02:05 +08:00
if (r->args.len == 0) {
return NGX_DECLINED;
}
p = r->args.data;
last = p + r->args.len;
2008-12-22 20:02:05 +08:00
for ( /* void */ ; p < last; p++) {
/* we need '=' after name, so drop one char from last */
2008-12-22 20:02:05 +08:00
p = ngx_strlcasestrn(p, last - 1, name, len - 1);
2008-12-22 20:02:05 +08:00
if (p == NULL) {
return NGX_DECLINED;
}
if ((p == r->args.data || *(p - 1) == '&') && *(p + len) == '=') {
value->data = p + len + 1;
p = ngx_strlchr(p, last, '&');
2008-12-22 20:02:05 +08:00
if (p == NULL) {
p = r->args.data + r->args.len;
}
value->len = p - value->data;
return NGX_OK;
}
}
return NGX_DECLINED;
}
2009-03-19 21:41:29 +08:00
void
ngx_http_split_args(ngx_http_request_t *r, ngx_str_t *uri, ngx_str_t *args)
{
2010-05-24 20:35:10 +08:00
u_char *p, *last;
2009-03-19 21:41:29 +08:00
2010-05-24 20:35:10 +08:00
last = uri->data + uri->len;
2009-03-19 21:41:29 +08:00
2010-05-24 20:35:10 +08:00
p = ngx_strlchr(uri->data, last, '?');
2009-03-19 21:41:29 +08:00
2010-05-24 20:35:10 +08:00
if (p) {
uri->len = p - uri->data;
p++;
args->len = last - p;
args->data = p;
2009-03-19 21:41:29 +08:00
2010-05-24 20:35:10 +08:00
} else {
args->len = 0;
2009-03-19 21:41:29 +08:00
}
}
ngx_int_t
ngx_http_parse_chunked(ngx_http_request_t *r, ngx_buf_t *b,
ngx_http_chunked_t *ctx)
{
u_char *pos, ch, c;
ngx_int_t rc;
enum {
sw_chunk_start = 0,
sw_chunk_size,
sw_chunk_extension,
sw_chunk_extension_almost_done,
sw_chunk_data,
sw_after_data,
sw_after_data_almost_done,
sw_last_chunk_extension,
sw_last_chunk_extension_almost_done,
sw_trailer,
sw_trailer_almost_done,
sw_trailer_header,
sw_trailer_header_almost_done
} state;
state = ctx->state;
if (state == sw_chunk_data && ctx->size == 0) {
state = sw_after_data;
}
rc = NGX_AGAIN;
for (pos = b->pos; pos < b->last; pos++) {
ch = *pos;
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http chunked byte: %02Xd s:%d", ch, state);
switch (state) {
case sw_chunk_start:
if (ch >= '0' && ch <= '9') {
state = sw_chunk_size;
ctx->size = ch - '0';
break;
}
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') {
state = sw_chunk_size;
ctx->size = c - 'a' + 10;
break;
}
goto invalid;
case sw_chunk_size:
if (ch >= '0' && ch <= '9') {
ctx->size = ctx->size * 16 + (ch - '0');
break;
}
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') {
ctx->size = ctx->size * 16 + (c - 'a' + 10);
break;
}
if (ctx->size == 0) {
switch (ch) {
case CR:
state = sw_last_chunk_extension_almost_done;
break;
case LF:
state = sw_trailer;
break;
case ';':
case ' ':
case '\t':
state = sw_last_chunk_extension;
break;
default:
goto invalid;
}
break;
}
switch (ch) {
case CR:
state = sw_chunk_extension_almost_done;
break;
case LF:
state = sw_chunk_data;
break;
case ';':
case ' ':
case '\t':
state = sw_chunk_extension;
break;
default:
goto invalid;
}
break;
case sw_chunk_extension:
switch (ch) {
case CR:
state = sw_chunk_extension_almost_done;
break;
case LF:
state = sw_chunk_data;
}
break;
case sw_chunk_extension_almost_done:
if (ch == LF) {
state = sw_chunk_data;
break;
}
goto invalid;
case sw_chunk_data:
rc = NGX_OK;
goto data;
case sw_after_data:
switch (ch) {
case CR:
state = sw_after_data_almost_done;
break;
case LF:
state = sw_chunk_start;
}
break;
case sw_after_data_almost_done:
if (ch == LF) {
state = sw_chunk_start;
break;
}
goto invalid;
case sw_last_chunk_extension:
switch (ch) {
case CR:
state = sw_last_chunk_extension_almost_done;
break;
case LF:
state = sw_trailer;
}
break;
case sw_last_chunk_extension_almost_done:
if (ch == LF) {
state = sw_trailer;
break;
}
goto invalid;
case sw_trailer:
switch (ch) {
case CR:
state = sw_trailer_almost_done;
break;
case LF:
goto done;
default:
state = sw_trailer_header;
}
break;
case sw_trailer_almost_done:
if (ch == LF) {
goto done;
}
goto invalid;
case sw_trailer_header:
switch (ch) {
case CR:
state = sw_trailer_header_almost_done;
break;
case LF:
state = sw_trailer;
}
break;
case sw_trailer_header_almost_done:
if (ch == LF) {
state = sw_trailer;
break;
}
goto invalid;
}
}
data:
ctx->state = state;
b->pos = pos;
switch (state) {
case sw_chunk_start:
ctx->length = 3 /* "0" LF LF */;
break;
case sw_chunk_size:
ctx->length = 1 /* LF */
+ (ctx->size ? ctx->size + 4 /* LF "0" LF LF */
: 1 /* LF */);
break;
case sw_chunk_extension:
case sw_chunk_extension_almost_done:
ctx->length = 1 /* LF */ + ctx->size + 4 /* LF "0" LF LF */;
break;
case sw_chunk_data:
ctx->length = ctx->size + 4 /* LF "0" LF LF */;
break;
case sw_after_data:
case sw_after_data_almost_done:
ctx->length = 4 /* LF "0" LF LF */;
break;
case sw_last_chunk_extension:
case sw_last_chunk_extension_almost_done:
ctx->length = 2 /* LF LF */;
break;
case sw_trailer:
case sw_trailer_almost_done:
ctx->length = 1 /* LF */;
break;
case sw_trailer_header:
case sw_trailer_header_almost_done:
ctx->length = 2 /* LF LF */;
break;
}
2013-05-06 18:03:24 +08:00
if (ctx->size < 0 || ctx->length < 0) {
goto invalid;
}
return rc;
done:
ctx->state = 0;
b->pos = pos + 1;
return NGX_DONE;
invalid:
return NGX_ERROR;
}