nginx-0.3.9-RELEASE import

*) Bugfix: nginx considered URI as unsafe if two any symbols was
       between two slashes; the bug had appeared in 0.3.8.

docs/xml/nginx/changes.xml

@@ -9,6 +9,23 @@
 <title lang="en">nginx changelog</title>
 
 
+<changes ver="0.3.9" date="10.11.2005">
+
+<change type="bugfix">
+<para lang="ru">
+nginx ÓÞÉÔÁÌ ÎÅÂÅÚÏÐÁÓÎÙÍÉ URI, × ËÏÔÏÒÙÈ ÍÅÖÄÕ Ä×ÕÍÑ ÓÌÜÛÁÍÉ
+ÎÁÈÏÄÉÌÏÓØ Ä×Á ÌÀÂÙÈ ÓÉÍ×ÏÌÁ;
+ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 0.3.8.
+</para>
+<para lang="en">
+nginx considered URI as unsafe if two any symbols was between two slashes;
+bug appeared in 0.3.8.
+</para>
+</change>
+
+</changes>
+
+
 <changes ver="0.3.8" date="09.11.2005">
 
 <change type="security">
@@ -119,7 +136,7 @@ and temporary files with client requests in open state.
 
 <change type="bugfix">
 <para lang="ru">
-рабочие процессы не сбрасывал буферизированные логи при плавном выходе.
+ÒÁÂÏÞÉÅ ÐÒÏÃÅÓÓÙ ÎÅ ÓÂÒÁÓÙ×ÁÌÉ ÂÕÆÅÒÉÚÉÒÏ×ÁÎÎÙÅ ÌÏÇÉ ÐÒÉ ÐÌÁ×ÎÏÍ ×ÙÈÏÄÅ.
 </para>
 <para lang="en">
 the worker processes did not flush the buffered logs on graceful exit.

src/core/nginx.h

@@ -8,7 +8,7 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define NGINX_VER          "nginx/0.3.8"
+#define NGINX_VER          "nginx/0.3.9"
 
 #define NGINX_VAR          "NGINX"
 #define NGX_OLDPID_EXT     ".oldbin"

src/http/ngx_http_parse.c

@@ -1056,7 +1056,7 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
 
             /* detect "/../" */
 
-            if (p[2] == '/') {
+            if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
                 goto unsafe;
             }
 
@@ -1070,7 +1070,9 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
 
                 /* detect "/.../" */
 
-                if (p[3] == '/' || p[3] == '\\') {
+                if (p[0] == '.' && p[1] == '.' && p[2] == '.'
+                    && (p[3] == '/' || p[3] == '\\'))
+                {
                     goto unsafe;
                 }
             }