diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/modules/ngx_http_fastcgi_module.c | 4 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_proxy_module.c | 2 | ||||
| -rw-r--r-- | src/http/ngx_http.h | 3 | ||||
| -rw-r--r-- | src/http/ngx_http_core_module.c | 11 | ||||
| -rw-r--r-- | src/http/ngx_http_core_module.h | 1 | ||||
| -rw-r--r-- | src/http/ngx_http_parse.c | 18 | ||||
| -rw-r--r-- | src/http/ngx_http_request.c | 3 |
7 files changed, 35 insertions, 7 deletions
diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c index 049c1130b..b4a07d011 100644 --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -1031,7 +1031,7 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r) part_start = u->buffer.pos; - rc = ngx_http_parse_header_line(r, &u->buffer); + rc = ngx_http_parse_header_line(r, &u->buffer, 1); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http fastcgi parser: %d", rc); @@ -1076,7 +1076,7 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r) f->split_parts->nelts = 0; - rc = ngx_http_parse_header_line(r, &buf); + rc = ngx_http_parse_header_line(r, &buf, 1); h->key.len = r->header_name_end - r->header_name_start; h->key.data = r->header_name_start; diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index 6c0e28a34..d8392ee8d 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -1214,7 +1214,7 @@ ngx_http_proxy_process_header(ngx_http_request_t *r) for ( ;; ) { - rc = ngx_http_parse_header_line(r, &r->upstream->buffer); + rc = ngx_http_parse_header_line(r, &r->upstream->buffer, 1); if (rc == NGX_OK) { diff --git a/src/http/ngx_http.h b/src/http/ngx_http.h index 762d85c74..79b218716 100644 --- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -72,7 +72,8 @@ ngx_int_t ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes); ngx_int_t ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri, ngx_str_t *args, ngx_uint_t *flags); -ngx_int_t ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b); +ngx_int_t ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b, + ngx_uint_t allow_underscores); ngx_int_t ngx_http_parse_multi_header_lines(ngx_array_t *headers, ngx_str_t *name, ngx_str_t *value); diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index e1d5a8f55..050f81e7f 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -231,6 +231,13 @@ static ngx_command_t ngx_http_core_commands[] = { offsetof(ngx_http_core_srv_conf_t, merge_slashes), NULL }, + { ngx_string("underscores_in_headers"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_core_srv_conf_t, underscores_in_headers), + NULL }, + { ngx_string("location"), NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_BLOCK|NGX_CONF_TAKE12, ngx_http_core_location, @@ -2527,6 +2534,7 @@ ngx_http_core_create_srv_conf(ngx_conf_t *cf) cscf->client_header_buffer_size = NGX_CONF_UNSET_SIZE; cscf->ignore_invalid_headers = NGX_CONF_UNSET; cscf->merge_slashes = NGX_CONF_UNSET; + cscf->underscores_in_headers = NGX_CONF_UNSET; return cscf; } @@ -2605,6 +2613,9 @@ ngx_http_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_value(conf->merge_slashes, prev->merge_slashes, 1); + ngx_conf_merge_value(conf->underscores_in_headers, + prev->underscores_in_headers, 0); + return NGX_CONF_OK; } diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h index a3d8940a9..e28aad561 100644 --- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -155,6 +155,7 @@ typedef struct { ngx_flag_t ignore_invalid_headers; ngx_flag_t merge_slashes; + ngx_flag_t underscores_in_headers; ngx_http_core_loc_conf_t **named_locations; } ngx_http_core_srv_conf_t; diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index 2fce7acac..b08d5eaa7 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -700,7 +700,8 @@ done: ngx_int_t -ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b) +ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b, + ngx_uint_t allow_underscores) { u_char c, ch, *p; ngx_uint_t hash, i; @@ -720,7 +721,7 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b) static u_char lowcase[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0\0\0\0\0\0-\0\0" "0123456789\0\0\0\0\0\0" - "\0abcdefghijklmnopqrstuvwxyz\0\0\0\0_" + "\0abcdefghijklmnopqrstuvwxyz\0\0\0\0\0" "\0abcdefghijklmnopqrstuvwxyz\0\0\0\0\0" "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" @@ -779,6 +780,19 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b) break; } + if (ch == '_') { + if (allow_underscores) { + hash = ngx_hash(hash, ch); + r->lowcase_header[i++] = ch; + i &= (NGX_HTTP_LC_HEADER_LEN - 1); + + } else { + r->invalid_header = 1; + } + + break; + } + if (ch == ':') { r->header_name_end = p; state = sw_space_before_value; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index ae3bb03d5..3970852ea 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -902,7 +902,8 @@ ngx_http_process_request_headers(ngx_event_t *rev) } } - rc = ngx_http_parse_header_line(r, r->header_in); + rc = ngx_http_parse_header_line(r, r->header_in, + cscf->underscores_in_headers); if (rc == NGX_OK) { |