Changes between Initial Version and Version 1 of Ticket #2396


Ignore:
Timestamp:
10/01/22 12:59:21 (2 years ago)
Author:
ymartin-ovh@…
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2396 – Description

    initial v1  
    4444* Connection #0 to host localhost left intact
    4545
    46 The following patch tries to mimic fix on the commit 0b66bd4be777a5b79c5ae0e7dff89fc6429da0fe:
     46The attached patch tries to mimic fix on the commit 0b66bd4be777a5b79c5ae0e7dff89fc6429da0fe.
    4747
    48 diff -aruN nginx-1.21.6/src/http/ngx_http_parse.c nginx/src/http/ngx_http_parse.c
    49 --- nginx-1.21.6/src/http/ngx_http_parse.c    2022-01-25 16:03:52.000000000 +0100
    50 +++ nginx/src/http/ngx_http_parse.c    2022-09-30 17:38:02.176503090 +0200
    51 @@ -1526,7 +1526,7 @@
    52                      ch = *p++;
    53                      break;
    54  
    55 -                } else if (ch == '\0') {
    56 +                } else if (ch < 0x20 || ch == 0x7f) {
    57                      return NGX_HTTP_PARSE_INVALID_REQUEST;
    58                  }
    59  
    60 @@ -1546,6 +1546,8 @@
    61  
    62                  } else if (ch == '+') {
    63                      r->plus_in_uri = 1;
    64 +                } else if (ch < 0x20 || ch == 0x7f) {
    65 +                    return NGX_HTTP_PARSE_INVALID_REQUEST;
    66                  }
    67  
    68                  state = quoted_state;
     48Same crafted curl gives me now:
     49< HTTP/1.1 400 Bad Request
     50< Server: nginx/1.21.6
    6951
    7052What do you think ?