Win32: uris with ":$" are now rejected.

There are too many problems with special NTFS streams, notably "::$data", "::$index_allocation" and ":$i30:$index_allocation". For now we don't reject all URIs with ":" like Apache does as there are no good reasons seen yet, and there are multiple programs using it in URLs (e.g. MediaWiki).
2024-12-03 04:39:00 +08:00 · 2012-06-05 13:38:27 +00:00 · 2012-06-05 13:38:27 +00:00 · 0d7720ddc0
commit 0d7720ddc0
parent f83598a359
1 changed files with 22 additions and 6 deletions
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@ -812,7 +812,28 @@ ngx_http_process_request_line(ngx_event_t *rev)

 #if (NGX_WIN32)
            {
-            u_char  *p;
+            u_char  *p, *last;
+
+            p = r->uri.data;
+            last = r->uri.data + r->uri.len;
+
+            while (p < last) {
+
+                if (*p++ == ':') {
+
+                    /*
+                     * this check covers "::$data", "::$index_allocation" and
+                     * ":$i30:$index_allocation"
+                     */
+
+                    if (p < last && *p == '$') {
+                        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                                      "client sent unsafe win32 URI");
+                        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+                        return;
+                    }
+                }
+            }

            p = r->uri.data + r->uri.len - 1;

@ -828,11 +849,6 @@ ngx_http_process_request_line(ngx_event_t *rev)
                    continue;
                }

-                if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) {
-                    p -= 7;
-                    continue;
-                }
-
                break;
            }