← Back to branch summary

~ubuntu-branches/ubuntu/trusty/nginx/trusty-updates

~ubuntu-branches/ubuntu/trusty/nginx/trusty-updates

« back to all changes in this revision

Viewing changes to src/http/ngx_http_parse.c

Committer: Package Import Robot
Author(s): Cyril Lavier, Cyril Lavier
Date: 2012-06-27 13:52:03 UTC
mfrom: (4.2.51 sid)
Revision ID: package-import@ubuntu.com-20120627135203-82rzqkajfpo1m77u

Tags: 1.2.1-2

[Cyril Lavier]
* Urgency set to medium, security bug in naxsi module, fix via upstream.
* debian/modules/naxsi:
+ Updated naxsi module to version 0.46-1 fixing the following security
issue : potential file disclosure in nx_extract.

files added:
debian/modules/naxsi/t/servroot

debian/modules/naxsi/t/servroot/conf

debian/modules/naxsi/t/servroot/conf/nginx.conf

debian/modules/naxsi/t/servroot/html

debian/modules/naxsi/t/servroot/html/index.html

debian/modules/naxsi/t/servroot/logs

debian/modules/naxsi/t/servroot/logs/access.log

debian/modules/naxsi/t/servroot/logs/error.log

debian/modules/nginx-lua/deps

debian/modules/nginx-lua/deps/ngx_devel_kit

debian/modules/nginx-lua/t/072-conditional-get.t

debian/modules/nginx-lua/t/073-backtrace.t

debian/modules/nginx-lua/t/074-prefix-var.t

debian/modules/nginx-lua/t/076-no-postpone.t

debian/nginx-naxsi-ui.postrm

debian/nginx-naxsi-ui.prerm

debian/po/cs.po

debian/po/da.po

debian/po/de.po

debian/po/es.po

debian/po/gl.po

debian/po/it.po

debian/po/nl.po

debian/po/pl.po

debian/po/pt.po

debian/po/ru.po

debian/po/sk.po

debian/po/sv.po

files removed:
debian/nginx-full.postrm

debian/nginx-light.postrm

debian/nginx-naxsi.postrm

files modified:
CHANGES

CHANGES.ru

debian/changelog

debian/conf/sites-available/default

debian/control

debian/copyright

debian/modules/README.Modules-versions

debian/modules/naxsi/contrib/naxsi-ui/naxsi-ui-learning.conf

debian/modules/naxsi/contrib/naxsi-ui/naxsi-ui-stats.conf

debian/modules/naxsi/contrib/naxsi-ui/nx_extract.py

debian/modules/naxsi/naxsi_src/naxsi.h

debian/modules/nginx-lua/README

debian/modules/nginx-lua/README.markdown

debian/modules/nginx-lua/config

debian/modules/nginx-lua/doc/HttpLuaModule.wiki

debian/modules/nginx-lua/src/ngx_http_lua_accessby.c

debian/modules/nginx-lua/src/ngx_http_lua_args.c

debian/modules/nginx-lua/src/ngx_http_lua_args.h

debian/modules/nginx-lua/src/ngx_http_lua_common.h

debian/modules/nginx-lua/src/ngx_http_lua_conf.c

debian/modules/nginx-lua/src/ngx_http_lua_control.c

debian/modules/nginx-lua/src/ngx_http_lua_directive.c

debian/modules/nginx-lua/src/ngx_http_lua_directive.h

debian/modules/nginx-lua/src/ngx_http_lua_headerfilterby.c

debian/modules/nginx-lua/src/ngx_http_lua_headers_in.c

debian/modules/nginx-lua/src/ngx_http_lua_headers_out.c

debian/modules/nginx-lua/src/ngx_http_lua_log.c

debian/modules/nginx-lua/src/ngx_http_lua_module.c

debian/modules/nginx-lua/src/ngx_http_lua_output.c

debian/modules/nginx-lua/src/ngx_http_lua_req_body.c

debian/modules/nginx-lua/src/ngx_http_lua_setby.c

debian/modules/nginx-lua/src/ngx_http_lua_setby.h

debian/modules/nginx-lua/src/ngx_http_lua_socket.c

debian/modules/nginx-lua/src/ngx_http_lua_string.c

debian/modules/nginx-lua/src/ngx_http_lua_subrequest.c

debian/modules/nginx-lua/src/ngx_http_lua_util.c

debian/modules/nginx-lua/t/001-set.t

debian/modules/nginx-lua/t/009-log.t

debian/modules/nginx-lua/t/016-resp-header.t

debian/modules/nginx-lua/t/023-rewrite/subrequest.t

debian/modules/nginx-lua/t/024-access/exit.t

debian/modules/nginx-lua/t/024-access/subrequest.t

debian/modules/nginx-lua/t/027-multi-capture.t

debian/modules/nginx-lua/t/030-uri-args.t

debian/modules/nginx-lua/t/044-req-body.t

debian/modules/nginx-lua/t/058-tcp-socket.t

debian/modules/nginx-lua/t/062-count.t

debian/modules/nginx-lua/t/067-req-socket.t

debian/modules/nginx-lua/t/068-socket-keepalive.t

debian/modules/nginx-lua/util/build2.sh

debian/nginx-common.postrm

debian/nginx-common.preinst

debian/nginx-naxsi-ui.install

debian/nginx-naxsi-ui.templates

debian/nginx.1

debian/po/fr.po

debian/po/templates.pot

debian/rules

src/core/nginx.h

src/core/ngx_resolver.c

src/event/ngx_event.c

src/event/ngx_event.h

src/event/ngx_event_accept.c

src/event/ngx_event_openssl.c

src/http/modules/ngx_http_fastcgi_module.c

src/http/modules/ngx_http_flv_module.c

src/http/modules/ngx_http_geo_module.c

src/http/modules/ngx_http_geoip_module.c

src/http/modules/ngx_http_gzip_static_module.c

src/http/modules/ngx_http_mp4_module.c

src/http/modules/ngx_http_realip_module.c

src/http/modules/ngx_http_scgi_module.c

src/http/modules/ngx_http_stub_status_module.c

src/http/modules/ngx_http_uwsgi_module.c

src/http/modules/perl/nginx.pm

src/http/ngx_http_core_module.c

src/http/ngx_http_core_module.h

src/http/ngx_http_parse.c

src/http/ngx_http_request.c

src/http/ngx_http_script.c

src/http/ngx_http_upstream_round_robin.c

src/http/ngx_http_upstream_round_robin.h

src/os/unix/ngx_errno.h

Show diffs side-by-side

added added

removed removed

src/http/ngx_http_parse.c

543

543

544

544

switch (ch) {

545

545

case '/':

546

#if (NGX_WIN32)

547

if (r->uri_ext == p) {

548

r->complex_uri = 1;

549

state = sw_uri;

550

break;

551

}

552

#endif

546

553

r->uri_ext = NULL;

547

554

state = sw_after_slash_in_uri;

548

555

break;

1117

1124

switch(ch) {

1118

1125

#if (NGX_WIN32)

1119

1126

case '\\':

1127

if (u - 2 >= r->uri.data

1128

&& *(u - 1) == '.' && *(u - 2) != '.')

1129

{

1130

u--;

1131

}

1132

1120

1133

r->uri_ext = NULL;

1121

1134

1122

1135

if (p == r->uri_start + r->uri.len) {

1134

1147

break;

1135

1148

#endif

1136

1149

case '/':

1150

#if (NGX_WIN32)

1151

if (u - 2 >= r->uri.data

1152

&& *(u - 1) == '.' && *(u - 2) != '.')

1153

{

1154

u--;

1155

}

1156

#endif

1137

1157

r->uri_ext = NULL;

1138

1158

state = sw_slash;

1139

1159

*u++ = ch;

Older »