details: http://hg.nginx.org/nginx/rev/9806f7932474 branches: changeset: 5321:9806f7932474 user: Sergey Kandaurov <pluk...@nginx.com> date: Tue Aug 13 17:47:04 2013 +0400 description: Referer module: fixed regex matching against HTTPS referers.
When matching a compiled regex against value in the "Referer" header field, the length was calculated incorrectly for strings that start from "https://";. This might cause matching to fail for regexes with end-of-line anchors. Patch by Liangbin Li. diffstat: src/http/modules/ngx_http_referer_module.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diffs (25 lines): diff -r ad137a80919f -r 9806f7932474 src/http/modules/ngx_http_referer_module.c --- a/src/http/modules/ngx_http_referer_module.c Thu Aug 08 15:06:39 2013 +0400 +++ b/src/http/modules/ngx_http_referer_module.c Tue Aug 13 17:47:04 2013 +0400 @@ -147,10 +147,12 @@ ngx_http_referer_variable(ngx_http_reque if (ngx_strncasecmp(ref, (u_char *) "http://";, 7) == 0) { ref += 7; + len -= 7; goto valid_scheme; } else if (ngx_strncasecmp(ref, (u_char *) "https://";, 8) == 0) { ref += 8; + len -= 8; goto valid_scheme; } } @@ -191,7 +193,7 @@ valid_scheme: ngx_int_t rc; ngx_str_t referer; - referer.len = len - 7; + referer.len = len; referer.data = ref; rc = ngx_regex_exec_array(rlcf->regex, &referer, r->connection->log); _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
