diff options
Diffstat (limited to 'src/http')
| -rw-r--r-- | src/http/ngx_http_parse.c | 23 | ||||
| -rw-r--r-- | src/http/ngx_http_request.c | 8 |
2 files changed, 6 insertions, 25 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index 11e62e6ac..4aa1be8ed 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1337,12 +1337,7 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri, goto unsafe; } - if (p[0] == '.' && len == 3 && p[1] == '.' && (p[2] == '/' -#if (NGX_WIN32) - || p[2] == '\\' -#endif - )) - { + if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) { goto unsafe; } @@ -1367,30 +1362,22 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri, continue; } - if ((ch == '/' -#if (NGX_WIN32) - || ch == '\\' -#endif - ) && len > 2) - { + if (ngx_path_separator(ch) && len > 2) { + /* detect "/../" */ - if (p[0] == '.' && p[1] == '.' && p[2] == '/') { + if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) { goto unsafe; } #if (NGX_WIN32) - if (p[2] == '\\') { - goto unsafe; - } - if (len > 3) { /* detect "/.../" */ if (p[0] == '.' && p[1] == '.' && p[2] == '.' - && (p[3] == '/' || p[3] == '\\')) + && ngx_path_separator(p[3])) { goto unsafe; } diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 31ab640e2..d06c6dd3f 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1587,15 +1587,9 @@ ngx_http_validate_host(u_char *host, size_t len) continue; } - if (ch == '/' || ch == '\0') { + if (ngx_path_separator(ch) || ch == '\0') { return -1; } - -#if (NGX_WIN32) - if (ch == '\\') { - return -1; - } -#endif } if (dot) { |