~ubuntu-branches/ubuntu/trusty/nginx/trusty-updates

Viewing changes to src/http/modules/ngx_http_geoip_module.c

Committer: Package Import Robot
Author(s): Cyril Lavier, Cyril Lavier
Date: 2012-06-27 13:52:03 UTC
mfrom: (4.2.51 sid)
Revision ID: package-import@ubuntu.com-20120627135203-82rzqkajfpo1m77u

Tags: 1.2.1-2

[Cyril Lavier]
* Urgency set to medium, security bug in naxsi module, fix via upstream.
* debian/modules/naxsi:
+ Updated naxsi module to version 0.46-1 fixing the following security
issue : potential file disclosure in nx_extract.

files added:
debian/modules/naxsi/t/servroot

debian/modules/naxsi/t/servroot/conf

debian/modules/naxsi/t/servroot/conf/nginx.conf

debian/modules/naxsi/t/servroot/html

debian/modules/naxsi/t/servroot/html/index.html

debian/modules/naxsi/t/servroot/logs

debian/modules/naxsi/t/servroot/logs/access.log

debian/modules/naxsi/t/servroot/logs/error.log

debian/modules/nginx-lua/deps

debian/modules/nginx-lua/deps/ngx_devel_kit

debian/modules/nginx-lua/t/072-conditional-get.t

debian/modules/nginx-lua/t/073-backtrace.t

debian/modules/nginx-lua/t/074-prefix-var.t

debian/modules/nginx-lua/t/076-no-postpone.t

debian/nginx-naxsi-ui.postrm

debian/nginx-naxsi-ui.prerm

debian/po/cs.po

debian/po/da.po

debian/po/de.po

debian/po/es.po

debian/po/gl.po

debian/po/it.po

debian/po/nl.po

debian/po/pl.po

debian/po/pt.po

debian/po/ru.po

debian/po/sk.po

debian/po/sv.po

files removed:
debian/nginx-full.postrm

debian/nginx-light.postrm

debian/nginx-naxsi.postrm

files modified:
CHANGES

CHANGES.ru

debian/changelog

debian/conf/sites-available/default

debian/control

debian/copyright

debian/modules/README.Modules-versions

debian/modules/naxsi/contrib/naxsi-ui/naxsi-ui-learning.conf

debian/modules/naxsi/contrib/naxsi-ui/naxsi-ui-stats.conf

debian/modules/naxsi/contrib/naxsi-ui/nx_extract.py

debian/modules/naxsi/naxsi_src/naxsi.h

debian/modules/nginx-lua/README

debian/modules/nginx-lua/README.markdown

debian/modules/nginx-lua/config

debian/modules/nginx-lua/doc/HttpLuaModule.wiki

debian/modules/nginx-lua/src/ngx_http_lua_accessby.c

debian/modules/nginx-lua/src/ngx_http_lua_args.c

debian/modules/nginx-lua/src/ngx_http_lua_args.h

debian/modules/nginx-lua/src/ngx_http_lua_common.h

debian/modules/nginx-lua/src/ngx_http_lua_conf.c

debian/modules/nginx-lua/src/ngx_http_lua_control.c

debian/modules/nginx-lua/src/ngx_http_lua_directive.c

debian/modules/nginx-lua/src/ngx_http_lua_directive.h

debian/modules/nginx-lua/src/ngx_http_lua_headerfilterby.c

debian/modules/nginx-lua/src/ngx_http_lua_headers_in.c

debian/modules/nginx-lua/src/ngx_http_lua_headers_out.c

debian/modules/nginx-lua/src/ngx_http_lua_log.c

debian/modules/nginx-lua/src/ngx_http_lua_module.c

debian/modules/nginx-lua/src/ngx_http_lua_output.c

debian/modules/nginx-lua/src/ngx_http_lua_req_body.c

debian/modules/nginx-lua/src/ngx_http_lua_setby.c

debian/modules/nginx-lua/src/ngx_http_lua_setby.h

debian/modules/nginx-lua/src/ngx_http_lua_socket.c

debian/modules/nginx-lua/src/ngx_http_lua_string.c

debian/modules/nginx-lua/src/ngx_http_lua_subrequest.c

debian/modules/nginx-lua/src/ngx_http_lua_util.c

debian/modules/nginx-lua/t/001-set.t

debian/modules/nginx-lua/t/009-log.t

debian/modules/nginx-lua/t/016-resp-header.t

debian/modules/nginx-lua/t/023-rewrite/subrequest.t

debian/modules/nginx-lua/t/024-access/exit.t

debian/modules/nginx-lua/t/024-access/subrequest.t

debian/modules/nginx-lua/t/027-multi-capture.t

debian/modules/nginx-lua/t/030-uri-args.t

debian/modules/nginx-lua/t/044-req-body.t

debian/modules/nginx-lua/t/058-tcp-socket.t

debian/modules/nginx-lua/t/062-count.t

debian/modules/nginx-lua/t/067-req-socket.t

debian/modules/nginx-lua/t/068-socket-keepalive.t

debian/modules/nginx-lua/util/build2.sh

debian/nginx-common.postrm

debian/nginx-common.preinst

debian/nginx-naxsi-ui.install

debian/nginx-naxsi-ui.templates

debian/nginx.1

debian/po/fr.po

debian/po/templates.pot

debian/rules

src/core/nginx.h

src/core/ngx_resolver.c

src/event/ngx_event.c

src/event/ngx_event.h

src/event/ngx_event_accept.c

src/event/ngx_event_openssl.c

src/http/modules/ngx_http_fastcgi_module.c

src/http/modules/ngx_http_flv_module.c

src/http/modules/ngx_http_geo_module.c

src/http/modules/ngx_http_geoip_module.c

src/http/modules/ngx_http_gzip_static_module.c

src/http/modules/ngx_http_mp4_module.c

src/http/modules/ngx_http_realip_module.c

src/http/modules/ngx_http_scgi_module.c

src/http/modules/ngx_http_stub_status_module.c

src/http/modules/ngx_http_uwsgi_module.c

src/http/modules/perl/nginx.pm

src/http/ngx_http_core_module.c

src/http/ngx_http_core_module.h

src/http/ngx_http_parse.c

src/http/ngx_http_request.c

src/http/ngx_http_script.c

src/http/ngx_http_upstream_round_robin.c

src/http/ngx_http_upstream_round_robin.h

src/os/unix/ngx_errno.h

Show diffs side-by-side

added added

removed removed

src/http/modules/ngx_http_geoip_module.c

typedef struct {

GeoIP *country;

GeoIP *org;

GeoIP *city;

GeoIP *country;

GeoIP *org;

GeoIP *city;

ngx_array_t *proxies; /* array of ngx_cidr_t */

ngx_flag_t proxy_recursive;

} ngx_http_geoip_conf_t;

typedef struct {

ngx_str_t *name;

uintptr_t data;

ngx_str_t *name;

uintptr_t data;

} ngx_http_geoip_var_t;

typedef const char *(*ngx_http_geoip_variable_handler_pt)(GeoIP *, u_long addr);

static u_long ngx_http_geoip_addr(ngx_http_request_t *r,

ngx_http_geoip_conf_t *gcf);

static ngx_int_t ngx_http_geoip_country_variable(ngx_http_request_t *r,

ngx_http_variable_value_t *v, uintptr_t data);

static ngx_int_t ngx_http_geoip_org_variable(ngx_http_request_t *r,

static ngx_int_t ngx_http_geoip_add_variables(ngx_conf_t *cf);

static void *ngx_http_geoip_create_conf(ngx_conf_t *cf);

static char *ngx_http_geoip_init_conf(ngx_conf_t *cf, void *conf);

static char *ngx_http_geoip_country(ngx_conf_t *cf, ngx_command_t *cmd,

void *conf);

static char *ngx_http_geoip_org(ngx_conf_t *cf, ngx_command_t *cmd,

void *conf);

static char *ngx_http_geoip_city(ngx_conf_t *cf, ngx_command_t *cmd,

void *conf);

static char *ngx_http_geoip_proxy(ngx_conf_t *cf, ngx_command_t *cmd,

void *conf);

static ngx_int_t ngx_http_geoip_cidr_value(ngx_conf_t *cf, ngx_str_t *net,

ngx_cidr_t *cidr);

static void ngx_http_geoip_cleanup(void *data);

NULL },

{ ngx_string("geoip_proxy"),

NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,

ngx_http_geoip_proxy,

NGX_HTTP_MAIN_CONF_OFFSET,

NULL },

{ ngx_string("geoip_proxy_recursive"),

NGX_HTTP_MAIN_CONF|NGX_CONF_FLAG,

ngx_conf_set_flag_slot,

NGX_HTTP_MAIN_CONF_OFFSET,

offsetof(ngx_http_geoip_conf_t, proxy_recursive),

100

NULL },

101

102

ngx_null_command

103

};

104

108

NULL, /* postconfiguration */

109

110

ngx_http_geoip_create_conf, /* create main configuration */

NULL, /* init main configuration */

111

ngx_http_geoip_init_conf, /* init main configuration */

112

113

NULL, /* create server configuration */

114

NULL, /* merge server configuration */

182

205

183

206

184

207

static u_long

185

ngx_http_geoip_addr(ngx_http_request_t *r)

208

ngx_http_geoip_addr(ngx_http_request_t *r, ngx_http_geoip_conf_t *gcf)

186

209

{

187

struct sockaddr_in *sin;

188

#if (NGX_HAVE_INET6)

189

u_char *p;

190

u_long addr;

191

struct sockaddr_in6 *sin6;

192

#endif

193

194

switch (r->connection->sockaddr->sa_family) {

195

196

case AF_INET:

197

sin = (struct sockaddr_in *) r->connection->sockaddr;

198

return ntohl(sin->sin_addr.s_addr);

199

200

#if (NGX_HAVE_INET6)

201

202

case AF_INET6:

203

sin6 = (struct sockaddr_in6 *) r->connection->sockaddr;

204

205

if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {

206

p = sin6->sin6_addr.s6_addr;

207

addr = p[12] << 24;

208

addr += p[13] << 16;

209

addr += p[14] << 8;

210

addr += p[15];

211

212

return addr;

210

ngx_addr_t addr;

211

ngx_table_elt_t *xfwd;

212

struct sockaddr_in *sin;

213

214

addr.sockaddr = r->connection->sockaddr;

215

addr.socklen = r->connection->socklen;

216

/* addr.name = r->connection->addr_text; */

217

218

xfwd = r->headers_in.x_forwarded_for;

219

220

if (xfwd != NULL && gcf->proxies != NULL) {

221

(void) ngx_http_get_forwarded_addr(r, &addr, xfwd->value.data,

222

xfwd->value.len, gcf->proxies,

223

gcf->proxy_recursive);

224

}

225

226

#if (NGX_HAVE_INET6)

227

228

if (addr.sockaddr->sa_family == AF_INET6) {

229

struct in6_addr *inaddr6;

230

231

inaddr6 = &((struct sockaddr_in6 *) addr.sockaddr)->sin6_addr;

232

233

if (IN6_IS_ADDR_V4MAPPED(inaddr6)) {

234

return ntohl(*(in_addr_t *) &inaddr6->s6_addr[12]);

213

235

}

236

}

214

237

215

238

#endif

239

240

if (addr.sockaddr->sa_family != AF_INET) {

241

return INADDR_NONE;

216

242

}

217

243

218

return INADDR_NONE;

244

sin = (struct sockaddr_in *) addr.sockaddr;

245

return ntohl(sin->sin_addr.s_addr);

219

246

}

220

247

221

248

235

262

goto not_found;

236

263

}

237

264

238

val = handler(gcf->country, ngx_http_geoip_addr(r));

265

val = handler(gcf->country, ngx_http_geoip_addr(r, gcf));

239

266

240

267

if (val == NULL) {

241

268

goto not_found;

273

300

goto not_found;

274

301

}

275

302

276

val = handler(gcf->org, ngx_http_geoip_addr(r));

303

val = handler(gcf->org, ngx_http_geoip_addr(r, gcf));

277

304

278

305

if (val == NULL) {

279

306

goto not_found;

453

480

gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module);

454

481

455

482

if (gcf->city) {

456

return GeoIP_record_by_ipnum(gcf->city, ngx_http_geoip_addr(r));

483

return GeoIP_record_by_ipnum(gcf->city, ngx_http_geoip_addr(r, gcf));

457

484

}

458

485

459

486

return NULL;

490

517

return NULL;

491

518

}

492

519

520

conf->proxy_recursive = NGX_CONF_UNSET;

521

493

522

cln = ngx_pool_cleanup_add(cf->pool, 0);

494

523

if (cln == NULL) {

495

524

return NULL;

503

532

504

533

505

534

static char *

535

ngx_http_geoip_init_conf(ngx_conf_t *cf, void *conf)

536

{

537

ngx_http_geoip_conf_t *gcf = conf;

538

539

ngx_conf_init_value(gcf->proxy_recursive, 0);

540

541

return NGX_CONF_OK;

542

}

543

544

545

static char *

506

546

ngx_http_geoip_country(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)

507

547

{

508

548

ngx_http_geoip_conf_t *gcf = conf;

652

692

}

653

693

654

694

695

static char *

696

ngx_http_geoip_proxy(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)

697

{

698

ngx_http_geoip_conf_t *gcf = conf;

699

700

ngx_str_t *value;

701

ngx_cidr_t cidr, *c;

702

703

value = cf->args->elts;

704

705

if (ngx_http_geoip_cidr_value(cf, &value[1], &cidr) != NGX_OK) {

706

return NGX_CONF_ERROR;

707

}

708

709

if (gcf->proxies == NULL) {

710

gcf->proxies = ngx_array_create(cf->pool, 4, sizeof(ngx_cidr_t));

711

if (gcf->proxies == NULL) {

712

return NGX_CONF_ERROR;

713

}

714

}

715

716

c = ngx_array_push(gcf->proxies);

717

if (c == NULL) {

718

return NGX_CONF_ERROR;

719

}

720

721

*c = cidr;

722

723

return NGX_CONF_OK;

724

}

725

726

static ngx_int_t

727

ngx_http_geoip_cidr_value(ngx_conf_t *cf, ngx_str_t *net, ngx_cidr_t *cidr)

728

{

729

ngx_int_t rc;

730

731

if (ngx_strcmp(net->data, "255.255.255.255") == 0) {

732

cidr->family = AF_INET;

733

cidr->u.in.addr = 0xffffffff;

734

cidr->u.in.mask = 0xffffffff;

735

736

return NGX_OK;

737

}

738

739

rc = ngx_ptocidr(net, cidr);

740

741

if (rc == NGX_ERROR) {

742

ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid network \"%V\"", net);

743

return NGX_ERROR;

744

}

745

746

if (rc == NGX_DONE) {

747

ngx_conf_log_error(NGX_LOG_WARN, cf, 0,

748

"low address bits of %V are meaningless", net);

749

}

750

751

return NGX_OK;

752

}

753

754

655

755

static void

656

756

ngx_http_geoip_cleanup(void *data)

657

757

{

Older »