mirror of
https://github.com/openresty/openresty.git
synced 2024-10-13 00:29:41 +00:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 99ec14bfb2 | |||
| 3875872801 | |||
| 4e8b4c395f |
@ -1,112 +1,30 @@
|
||||
From 881bf91da6853446398cebc1b2d6a01f8d7939d6 Mon Sep 17 00:00:00 2001
|
||||
From: doujiang24 <doujiang24@gmail.com>
|
||||
Date: Sat, 13 Jul 2019 13:06:33 +0800
|
||||
Subject: [PATCH] bugfix: ensured arguments of APIs mutating response headers
|
||||
do not contain '\r' and '\n' characters.
|
||||
|
||||
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
|
||||
---
|
||||
src/ngx_http_lua_control.c | 2 ++
|
||||
src/ngx_http_lua_headers_out.c | 4 ++++
|
||||
src/ngx_http_lua_util.h | 15 +++++++++++++++
|
||||
3 files changed, 21 insertions(+)
|
||||
|
||||
diff --git a/src/ngx_http_lua_control.c b/src/ngx_http_lua_control.c
|
||||
index 5cd1d64c..9c523015 100644
|
||||
index 5cd1d64c..d8022cc5 100644
|
||||
--- a/src/ngx_http_lua_control.c
|
||||
+++ b/src/ngx_http_lua_control.c
|
||||
@@ -248,6 +248,8 @@ ngx_http_lua_ngx_redirect(lua_State *L)
|
||||
@@ -248,6 +248,10 @@ ngx_http_lua_ngx_redirect(lua_State *L)
|
||||
"the headers");
|
||||
}
|
||||
|
||||
+ len = ngx_http_lua_safe_header_value_len(p, len);
|
||||
|
||||
+ if (ngx_http_lua_check_unsafe_string(r, p, len, "redirect uri") != NGX_OK) {
|
||||
+ return luaL_error(L, "attempt to set unsafe redirect uri");
|
||||
+ }
|
||||
+
|
||||
uri = ngx_palloc(r->pool, len);
|
||||
if (uri == NULL) {
|
||||
return luaL_error(L, "no memory");
|
||||
diff --git a/src/ngx_http_lua_headers_out.c b/src/ngx_http_lua_headers_out.c
|
||||
index cf94bd04..4b59721e 100644
|
||||
--- a/src/ngx_http_lua_headers_out.c
|
||||
+++ b/src/ngx_http_lua_headers_out.c
|
||||
@@ -491,6 +491,10 @@ ngx_http_lua_set_output_header(ngx_http_request_t *r, ngx_http_lua_ctx_t *ctx,
|
||||
|
||||
dd("set header value: %.*s", (int) value.len, value.data);
|
||||
|
||||
+ key.len = ngx_http_lua_safe_header_value_len(key.data, key.len);
|
||||
+
|
||||
+ value.len = ngx_http_lua_safe_header_value_len(value.data, value.len);
|
||||
+
|
||||
hv.hash = ngx_hash_key_lc(key.data, key.len);
|
||||
hv.key = key;
|
||||
|
||||
diff --git a/src/ngx_http_lua_util.h b/src/ngx_http_lua_util.h
|
||||
index f08f4815..179ff3aa 100644
|
||||
--- a/src/ngx_http_lua_util.h
|
||||
+++ b/src/ngx_http_lua_util.h
|
||||
@@ -260,6 +260,21 @@ void ngx_http_lua_set_sa_restart(ngx_log_t *log);
|
||||
}
|
||||
|
||||
|
||||
+static ngx_inline size_t
|
||||
+ngx_http_lua_safe_header_value_len(u_char *str, size_t len)
|
||||
+{
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < len; i++, str++) {
|
||||
+ if (*str == '\r' || *str == '\n') {
|
||||
+ return i;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return len;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static ngx_inline void
|
||||
ngx_http_lua_init_ctx(ngx_http_request_t *r, ngx_http_lua_ctx_t *ctx)
|
||||
{
|
||||
|
||||
From 38f587a35ef72b8cbb50114797fa875307ff0bfe Mon Sep 17 00:00:00 2001
|
||||
From: doujiang <doujiang24@gmail.com>
|
||||
Date: Fri, 20 Mar 2020 05:17:20 +0800
|
||||
Subject: [PATCH] bugfix: ensured arguments of APIs mutating uri or
|
||||
request/response headers do not contain unsafe characters. (#1654)
|
||||
|
||||
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
|
||||
---
|
||||
src/ngx_http_lua_control.c | 4 +-
|
||||
src/ngx_http_lua_headers_in.c | 6 ++
|
||||
src/ngx_http_lua_headers_out.c | 8 ++-
|
||||
src/ngx_http_lua_uri.c | 59 ++++++++++++++++
|
||||
src/ngx_http_lua_util.c | 119 +++++++++++++++++++++++++++++++++
|
||||
src/ngx_http_lua_util.h | 17 +----
|
||||
6 files changed, 195 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/ngx_http_lua_control.c b/src/ngx_http_lua_control.c
|
||||
index 5ace1763..2fd3d174 100644
|
||||
--- a/src/ngx_http_lua_control.c
|
||||
+++ b/src/ngx_http_lua_control.c
|
||||
@@ -239,7 +239,9 @@ ngx_http_lua_ngx_redirect(lua_State *L)
|
||||
"the headers");
|
||||
}
|
||||
|
||||
- len = ngx_http_lua_safe_header_value_len(p, len);
|
||||
+ if (ngx_http_lua_check_header_safe(r, p, len) != NGX_OK) {
|
||||
+ return luaL_error(L, "attempt to use unsafe uri");
|
||||
+ }
|
||||
|
||||
uri = ngx_palloc(r->pool, len);
|
||||
if (uri == NULL) {
|
||||
diff --git a/src/ngx_http_lua_headers_in.c b/src/ngx_http_lua_headers_in.c
|
||||
index 26739fa3..a284f028 100644
|
||||
index c52cd13d..b8befc34 100644
|
||||
--- a/src/ngx_http_lua_headers_in.c
|
||||
+++ b/src/ngx_http_lua_headers_in.c
|
||||
@@ -658,6 +658,12 @@ ngx_http_lua_set_input_header(ngx_http_request_t *r, ngx_str_t key,
|
||||
@@ -664,6 +664,14 @@ ngx_http_lua_set_input_header(ngx_http_request_t *r, ngx_str_t key,
|
||||
|
||||
dd("set header value: %.*s", (int) value.len, value.data);
|
||||
|
||||
+ if (ngx_http_lua_check_header_safe(r, key.data, key.len) != NGX_OK
|
||||
+ || ngx_http_lua_check_header_safe(r, value.data, value.len) != NGX_OK)
|
||||
+ if (ngx_http_lua_check_unsafe_string(r, key.data, key.len,
|
||||
+ "header name") != NGX_OK
|
||||
+ || ngx_http_lua_check_unsafe_string(r, value.data, value.len,
|
||||
+ "header value") != NGX_OK)
|
||||
+ {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
@ -115,111 +33,50 @@ index 26739fa3..a284f028 100644
|
||||
hv.key = key;
|
||||
|
||||
diff --git a/src/ngx_http_lua_headers_out.c b/src/ngx_http_lua_headers_out.c
|
||||
index 659a89f4..87f114b8 100644
|
||||
index cf94bd04..8cd36841 100644
|
||||
--- a/src/ngx_http_lua_headers_out.c
|
||||
+++ b/src/ngx_http_lua_headers_out.c
|
||||
@@ -491,9 +491,11 @@ ngx_http_lua_set_output_header(ngx_http_request_t *r, ngx_http_lua_ctx_t *ctx,
|
||||
@@ -491,6 +491,14 @@ ngx_http_lua_set_output_header(ngx_http_request_t *r, ngx_http_lua_ctx_t *ctx,
|
||||
|
||||
dd("set header value: %.*s", (int) value.len, value.data);
|
||||
|
||||
- key.len = ngx_http_lua_safe_header_value_len(key.data, key.len);
|
||||
-
|
||||
- value.len = ngx_http_lua_safe_header_value_len(value.data, value.len);
|
||||
+ if (ngx_http_lua_check_header_safe(r, key.data, key.len) != NGX_OK
|
||||
+ || ngx_http_lua_check_header_safe(r, value.data, value.len) != NGX_OK)
|
||||
+ if (ngx_http_lua_check_unsafe_string(r, key.data, key.len,
|
||||
+ "header name") != NGX_OK
|
||||
+ || ngx_http_lua_check_unsafe_string(r, value.data, value.len,
|
||||
+ "header value") != NGX_OK)
|
||||
+ {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
|
||||
+
|
||||
hv.hash = ngx_hash_key_lc(key.data, key.len);
|
||||
hv.key = key;
|
||||
|
||||
diff --git a/src/ngx_http_lua_uri.c b/src/ngx_http_lua_uri.c
|
||||
index 3559b5c0..6818ba85 100644
|
||||
index 3559b5c0..569cb502 100644
|
||||
--- a/src/ngx_http_lua_uri.c
|
||||
+++ b/src/ngx_http_lua_uri.c
|
||||
@@ -16,6 +16,8 @@
|
||||
|
||||
|
||||
static int ngx_http_lua_ngx_req_set_uri(lua_State *L);
|
||||
+static ngx_int_t ngx_http_lua_check_uri_safe(ngx_http_request_t *r,
|
||||
+ u_char *str, size_t len);
|
||||
|
||||
|
||||
void
|
||||
@@ -55,6 +57,10 @@ ngx_http_lua_ngx_req_set_uri(lua_State *L)
|
||||
@@ -55,6 +55,10 @@ ngx_http_lua_ngx_req_set_uri(lua_State *L)
|
||||
return luaL_error(L, "attempt to use zero-length uri");
|
||||
}
|
||||
|
||||
+ if (ngx_http_lua_check_uri_safe(r, p, len) != NGX_OK) {
|
||||
+ return luaL_error(L, "attempt to use unsafe uri");
|
||||
+ if (ngx_http_lua_check_unsafe_string(r, p, len, "uri") != NGX_OK) {
|
||||
+ return luaL_error(L, "attempt to set unsafe uri");
|
||||
+ }
|
||||
+
|
||||
if (n == 2) {
|
||||
|
||||
luaL_checktype(L, 2, LUA_TBOOLEAN);
|
||||
@@ -107,4 +113,57 @@ ngx_http_lua_ngx_req_set_uri(lua_State *L)
|
||||
@@ -107,4 +111,5 @@ ngx_http_lua_ngx_req_set_uri(lua_State *L)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+
|
||||
+static ngx_inline ngx_int_t
|
||||
+ngx_http_lua_check_uri_safe(ngx_http_request_t *r, u_char *str, size_t len)
|
||||
+{
|
||||
+ size_t i, buf_len;
|
||||
+ u_char c;
|
||||
+ u_char *buf, *src = str;
|
||||
+
|
||||
+ /* %00-%1F, " ", %7F */
|
||||
+
|
||||
+ static uint32_t unsafe[] = {
|
||||
+ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
+
|
||||
+ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
+ 0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */
|
||||
+
|
||||
+ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
+ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
+
|
||||
+ /* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
+ 0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
+
|
||||
+ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
+ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
+ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
+ 0x00000000 /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
+ };
|
||||
+
|
||||
+ for (i = 0; i < len; i++, str++) {
|
||||
+ c = *str;
|
||||
+ if (unsafe[c >> 5] & (1 << (c & 0x1f))) {
|
||||
+ buf_len = ngx_http_lua_escape_log(NULL, src, len);
|
||||
+ buf = ngx_palloc(r->pool, buf_len);
|
||||
+ if (buf == NULL) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ ngx_http_lua_escape_log(buf, src, len);
|
||||
+
|
||||
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
+ "unsafe byte \"0x%uxd\" in uri \"%*s\"",
|
||||
+ (unsigned) c, buf_len, buf);
|
||||
+
|
||||
+ ngx_pfree(r->pool, buf);
|
||||
+
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return NGX_OK;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */
|
||||
diff --git a/src/ngx_http_lua_util.c b/src/ngx_http_lua_util.c
|
||||
index 074957b6..42bfb91e 100644
|
||||
index c12262e8..515e14ad 100644
|
||||
--- a/src/ngx_http_lua_util.c
|
||||
+++ b/src/ngx_http_lua_util.c
|
||||
@@ -4261,4 +4261,123 @@ ngx_http_lua_set_sa_restart(ngx_log_t *log)
|
||||
@@ -4267,4 +4267,71 @@ ngx_http_lua_set_sa_restart(ngx_log_t *log)
|
||||
#endif
|
||||
|
||||
|
||||
@ -290,8 +147,43 @@ index 074957b6..42bfb91e 100644
|
||||
+}
|
||||
+
|
||||
+
|
||||
+ngx_inline ngx_int_t
|
||||
+ngx_http_lua_check_header_safe(ngx_http_request_t *r, u_char *str, size_t len)
|
||||
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */
|
||||
diff --git a/src/ngx_http_lua_util.h b/src/ngx_http_lua_util.h
|
||||
index f08f4815..e1f4d75d 100644
|
||||
--- a/src/ngx_http_lua_util.h
|
||||
+++ b/src/ngx_http_lua_util.h
|
||||
@@ -132,6 +132,12 @@ ngx_http_lua_ffi_check_context(ngx_http_lua_ctx_t *ctx, unsigned flags,
|
||||
}
|
||||
|
||||
|
||||
+#define ngx_http_lua_check_if_abortable(L, ctx) \
|
||||
+ if ((ctx)->no_abort) { \
|
||||
+ return luaL_error(L, "attempt to abort with pending subrequests"); \
|
||||
+ }
|
||||
+
|
||||
+
|
||||
#define ngx_http_lua_ssl_get_ctx(ssl_conn) \
|
||||
SSL_get_ex_data(ssl_conn, ngx_http_lua_ssl_ctx_index)
|
||||
|
||||
@@ -254,10 +260,7 @@ void ngx_http_lua_cleanup_free(ngx_http_request_t *r,
|
||||
void ngx_http_lua_set_sa_restart(ngx_log_t *log);
|
||||
#endif
|
||||
|
||||
-#define ngx_http_lua_check_if_abortable(L, ctx) \
|
||||
- if ((ctx)->no_abort) { \
|
||||
- return luaL_error(L, "attempt to abort with pending subrequests"); \
|
||||
- }
|
||||
+size_t ngx_http_lua_escape_log(u_char *dst, u_char *src, size_t size);
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
@@ -485,6 +488,59 @@ ngx_inet_get_port(struct sockaddr *sa)
|
||||
#endif
|
||||
|
||||
|
||||
+static ngx_inline ngx_int_t
|
||||
+ngx_http_lua_check_unsafe_string(ngx_http_request_t *r, u_char *str, size_t len,
|
||||
+ const char *name)
|
||||
+{
|
||||
+ size_t i, buf_len;
|
||||
+ u_char c;
|
||||
@ -329,8 +221,8 @@ index 074957b6..42bfb91e 100644
|
||||
+ ngx_http_lua_escape_log(buf, src, len);
|
||||
+
|
||||
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
+ "unsafe byte \"0x%uxd\" in header \"%*s\"",
|
||||
+ (unsigned) c, buf_len, buf);
|
||||
+ "unsafe byte \"0x%uxd\" in %s \"%*s\"",
|
||||
+ (unsigned) c, name, buf_len, buf);
|
||||
+
|
||||
+ ngx_pfree(r->pool, buf);
|
||||
+
|
||||
@ -342,33 +234,6 @@ index 074957b6..42bfb91e 100644
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */
|
||||
diff --git a/src/ngx_http_lua_util.h b/src/ngx_http_lua_util.h
|
||||
index 13bfd273..7e62dccb 100644
|
||||
--- a/src/ngx_http_lua_util.h
|
||||
+++ b/src/ngx_http_lua_util.h
|
||||
@@ -241,20 +241,9 @@ void ngx_http_lua_cleanup_free(ngx_http_request_t *r,
|
||||
void ngx_http_lua_set_sa_restart(ngx_log_t *log);
|
||||
#endif
|
||||
extern ngx_uint_t ngx_http_lua_location_hash;
|
||||
extern ngx_uint_t ngx_http_lua_content_length_hash;
|
||||
|
||||
-
|
||||
-static ngx_inline size_t
|
||||
-ngx_http_lua_safe_header_value_len(u_char *str, size_t len)
|
||||
-{
|
||||
- size_t i;
|
||||
-
|
||||
- for (i = 0; i < len; i++, str++) {
|
||||
- if (*str == '\r' || *str == '\n') {
|
||||
- return i;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- return len;
|
||||
-}
|
||||
+size_t ngx_http_lua_escape_log(u_char *dst, u_char *src, size_t size);
|
||||
+ngx_int_t ngx_http_lua_check_header_safe(ngx_http_request_t *r, u_char *str,
|
||||
+ size_t len);
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
|
||||
|
||||
@ -0,0 +1,293 @@
|
||||
commit 96c330c3cb2a5abc95d293854801c7ba2896d1da
|
||||
Author: Thibault Charbonnier <thibaultcha@me.com>
|
||||
Date: Mon Mar 23 19:40:47 2020 -0700
|
||||
|
||||
bugfix: prevented request smuggling in the ngx.location.capture API.
|
||||
|
||||
diff --git a/src/ngx_http_lua_subrequest.c b/src/ngx_http_lua_subrequest.c
|
||||
index 19a88d99..9f7036a0 100644
|
||||
--- a/src/ngx_http_lua_subrequest.c
|
||||
+++ b/src/ngx_http_lua_subrequest.c
|
||||
@@ -57,8 +57,6 @@ static ngx_str_t ngx_http_lua_content_length_header_key =
|
||||
ngx_string("Content-Length");
|
||||
|
||||
|
||||
-static ngx_int_t ngx_http_lua_set_content_length_header(ngx_http_request_t *r,
|
||||
- off_t len);
|
||||
static ngx_int_t ngx_http_lua_adjust_subrequest(ngx_http_request_t *sr,
|
||||
ngx_uint_t method, int forward_body,
|
||||
ngx_http_request_body_t *body, unsigned vars_action,
|
||||
@@ -79,7 +77,7 @@ static void ngx_http_lua_cancel_subreq(ngx_http_request_t *r);
|
||||
static ngx_int_t ngx_http_post_request_to_head(ngx_http_request_t *r);
|
||||
static ngx_int_t ngx_http_lua_copy_in_file_request_body(ngx_http_request_t *r);
|
||||
static ngx_int_t ngx_http_lua_copy_request_headers(ngx_http_request_t *sr,
|
||||
- ngx_http_request_t *r);
|
||||
+ ngx_http_request_t *pr, ngx_uint_t prcl);
|
||||
|
||||
|
||||
enum {
|
||||
@@ -634,8 +632,8 @@ ngx_http_lua_adjust_subrequest(ngx_http_request_t *sr, ngx_uint_t method,
|
||||
unsigned vars_action, ngx_array_t *extra_vars)
|
||||
{
|
||||
ngx_http_request_t *r;
|
||||
- ngx_int_t rc;
|
||||
ngx_http_core_main_conf_t *cmcf;
|
||||
+ ngx_uint_t prcl = 0;
|
||||
size_t size;
|
||||
|
||||
r = sr->parent;
|
||||
@@ -645,46 +643,32 @@ ngx_http_lua_adjust_subrequest(ngx_http_request_t *sr, ngx_uint_t method,
|
||||
if (body) {
|
||||
sr->request_body = body;
|
||||
|
||||
- rc = ngx_http_lua_set_content_length_header(sr,
|
||||
- body->buf
|
||||
- ? ngx_buf_size(body->buf)
|
||||
- : 0);
|
||||
-
|
||||
- if (rc != NGX_OK) {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
-
|
||||
} else if (!always_forward_body
|
||||
&& method != NGX_HTTP_PUT
|
||||
&& method != NGX_HTTP_POST
|
||||
&& r->headers_in.content_length_n > 0)
|
||||
{
|
||||
- rc = ngx_http_lua_set_content_length_header(sr, 0);
|
||||
- if (rc != NGX_OK) {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
-
|
||||
-#if 1
|
||||
sr->request_body = NULL;
|
||||
-#endif
|
||||
|
||||
} else {
|
||||
- if (ngx_http_lua_copy_request_headers(sr, r) != NGX_OK) {
|
||||
- return NGX_ERROR;
|
||||
+ if (!r->headers_in.chunked) {
|
||||
+ prcl = 1;
|
||||
}
|
||||
|
||||
- if (sr->request_body) {
|
||||
+ if (sr->request_body && sr->request_body->temp_file) {
|
||||
|
||||
/* deep-copy the request body */
|
||||
|
||||
- if (sr->request_body->temp_file) {
|
||||
- if (ngx_http_lua_copy_in_file_request_body(sr) != NGX_OK) {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
+ if (ngx_http_lua_copy_in_file_request_body(sr) != NGX_OK) {
|
||||
+ return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+ if (ngx_http_lua_copy_request_headers(sr, r, prcl) != NGX_OK) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
sr->method = method;
|
||||
|
||||
switch (method) {
|
||||
@@ -1134,100 +1118,6 @@ ngx_http_lua_post_subrequest(ngx_http_request_t *r, void *data, ngx_int_t rc)
|
||||
}
|
||||
|
||||
|
||||
-static ngx_int_t
|
||||
-ngx_http_lua_set_content_length_header(ngx_http_request_t *r, off_t len)
|
||||
-{
|
||||
- ngx_table_elt_t *h, *header;
|
||||
- u_char *p;
|
||||
- ngx_list_part_t *part;
|
||||
- ngx_http_request_t *pr;
|
||||
- ngx_uint_t i;
|
||||
-
|
||||
- r->headers_in.content_length_n = len;
|
||||
-
|
||||
- if (ngx_list_init(&r->headers_in.headers, r->pool, 20,
|
||||
- sizeof(ngx_table_elt_t)) != NGX_OK)
|
||||
- {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
-
|
||||
- h = ngx_list_push(&r->headers_in.headers);
|
||||
- if (h == NULL) {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
-
|
||||
- h->key = ngx_http_lua_content_length_header_key;
|
||||
- h->lowcase_key = ngx_pnalloc(r->pool, h->key.len);
|
||||
- if (h->lowcase_key == NULL) {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
-
|
||||
- ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
|
||||
-
|
||||
- r->headers_in.content_length = h;
|
||||
-
|
||||
- p = ngx_palloc(r->pool, NGX_OFF_T_LEN);
|
||||
- if (p == NULL) {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
-
|
||||
- h->value.data = p;
|
||||
-
|
||||
- h->value.len = ngx_sprintf(h->value.data, "%O", len) - h->value.data;
|
||||
-
|
||||
- h->hash = ngx_http_lua_content_length_hash;
|
||||
-
|
||||
-#if 0
|
||||
- dd("content length hash: %lu == %lu", (unsigned long) h->hash,
|
||||
- ngx_hash_key_lc((u_char *) "Content-Length",
|
||||
- sizeof("Content-Length") - 1));
|
||||
-#endif
|
||||
-
|
||||
- dd("r content length: %.*s",
|
||||
- (int) r->headers_in.content_length->value.len,
|
||||
- r->headers_in.content_length->value.data);
|
||||
-
|
||||
- pr = r->parent;
|
||||
-
|
||||
- if (pr == NULL) {
|
||||
- return NGX_OK;
|
||||
- }
|
||||
-
|
||||
- /* forward the parent request's all other request headers */
|
||||
-
|
||||
- part = &pr->headers_in.headers.part;
|
||||
- header = part->elts;
|
||||
-
|
||||
- for (i = 0; /* void */; i++) {
|
||||
-
|
||||
- if (i >= part->nelts) {
|
||||
- if (part->next == NULL) {
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- part = part->next;
|
||||
- header = part->elts;
|
||||
- i = 0;
|
||||
- }
|
||||
-
|
||||
- if (header[i].key.len == sizeof("Content-Length") - 1
|
||||
- && ngx_strncasecmp(header[i].key.data, (u_char *) "Content-Length",
|
||||
- sizeof("Content-Length") - 1) == 0)
|
||||
- {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (ngx_http_lua_set_input_header(r, header[i].key,
|
||||
- header[i].value, 0) == NGX_ERROR)
|
||||
- {
|
||||
- return NGX_ERROR;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- return NGX_OK;
|
||||
-}
|
||||
-
|
||||
-
|
||||
static void
|
||||
ngx_http_lua_handle_subreq_responses(ngx_http_request_t *r,
|
||||
ngx_http_lua_ctx_t *ctx)
|
||||
@@ -1742,11 +1632,17 @@ ngx_http_lua_copy_in_file_request_body(ngx_http_request_t *r)
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
-ngx_http_lua_copy_request_headers(ngx_http_request_t *sr, ngx_http_request_t *r)
|
||||
+ngx_http_lua_copy_request_headers(ngx_http_request_t *sr,
|
||||
+ ngx_http_request_t *pr, ngx_uint_t prcl)
|
||||
{
|
||||
- ngx_table_elt_t *header;
|
||||
+ ngx_table_elt_t *clh, *header;
|
||||
ngx_list_part_t *part;
|
||||
ngx_uint_t i;
|
||||
+ u_char *p;
|
||||
+ off_t len;
|
||||
+
|
||||
+ dd("before: parent req headers count: %d",
|
||||
+ (int) pr->headers_in.headers.part.nelts);
|
||||
|
||||
if (ngx_list_init(&sr->headers_in.headers, sr->pool, 20,
|
||||
sizeof(ngx_table_elt_t)) != NGX_OK)
|
||||
@@ -1754,10 +1650,46 @@ ngx_http_lua_copy_request_headers(ngx_http_request_t *sr, ngx_http_request_t *r)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
- dd("before: parent req headers count: %d",
|
||||
- (int) r->headers_in.headers.part.nelts);
|
||||
+ if (sr->request_body && !prcl) {
|
||||
+
|
||||
+ /* craft our own Content-Length */
|
||||
+
|
||||
+ len = sr->request_body->buf ? ngx_buf_size(sr->request_body->buf) : 0;
|
||||
+
|
||||
+ clh = ngx_list_push(&sr->headers_in.headers);
|
||||
+ if (clh == NULL) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
|
||||
- part = &r->headers_in.headers.part;
|
||||
+ clh->hash = ngx_http_lua_content_length_hash;
|
||||
+ clh->key = ngx_http_lua_content_length_header_key;
|
||||
+ clh->lowcase_key = ngx_pnalloc(sr->pool, clh->key.len);
|
||||
+ if (clh->lowcase_key == NULL) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ ngx_strlow(clh->lowcase_key, clh->key.data, clh->key.len);
|
||||
+
|
||||
+ p = ngx_palloc(sr->pool, NGX_OFF_T_LEN);
|
||||
+ if (p == NULL) {
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ clh->value.data = p;
|
||||
+ clh->value.len = ngx_sprintf(clh->value.data, "%O", len)
|
||||
+ - clh->value.data;
|
||||
+
|
||||
+ sr->headers_in.content_length = clh;
|
||||
+ sr->headers_in.content_length_n = len;
|
||||
+
|
||||
+ dd("sr crafted content-length: %.*s",
|
||||
+ (int) sr->headers_in.content_length->value.len,
|
||||
+ sr->headers_in.content_length->value.data);
|
||||
+ }
|
||||
+
|
||||
+ /* copy the parent request's headers */
|
||||
+
|
||||
+ part = &pr->headers_in.headers.part;
|
||||
header = part->elts;
|
||||
|
||||
for (i = 0; /* void */; i++) {
|
||||
@@ -1772,7 +1704,14 @@ ngx_http_lua_copy_request_headers(ngx_http_request_t *sr, ngx_http_request_t *r)
|
||||
i = 0;
|
||||
}
|
||||
|
||||
- dd("setting request header %.*s: %.*s", (int) header[i].key.len,
|
||||
+ if (!prcl && header[i].key.len == sizeof("Content-Length") - 1
|
||||
+ && ngx_strncasecmp(header[i].key.data, (u_char *) "Content-Length",
|
||||
+ sizeof("Content-Length") - 1) == 0)
|
||||
+ {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ dd("sr copied req header %.*s: %.*s", (int) header[i].key.len,
|
||||
header[i].key.data, (int) header[i].value.len,
|
||||
header[i].value.data);
|
||||
|
||||
@@ -1784,9 +1723,10 @@ ngx_http_lua_copy_request_headers(ngx_http_request_t *sr, ngx_http_request_t *r)
|
||||
}
|
||||
|
||||
dd("after: parent req headers count: %d",
|
||||
- (int) r->headers_in.headers.part.nelts);
|
||||
+ (int) pr->headers_in.headers.part.nelts);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
+
|
||||
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */
|
||||
@ -529,8 +529,13 @@ mv lua-nginx-module-$ver ngx_lua-$ver || exit 1
|
||||
|
||||
cd ngx_lua-$ver || exit 1
|
||||
|
||||
echo "applying ngx_http_lua-$ver-check-uri-and-headers-safety patch"
|
||||
echo "$info_txt applying ngx_http_lua-$ver-check-uri-and-headers-safety patch"
|
||||
patch -p1 < $root/patches/ngx_http_lua-$ver-check-uri-and-headers-safety.patch || exit 1
|
||||
echo
|
||||
|
||||
echo "$info_txt applying ngx_http_lua-$ver-fix_location_capture_content_length_chunked patch"
|
||||
patch -p1 < $root/patches/ngx_http_lua-$ver-fix_location_capture_content_length_chunked.patch || exit 1
|
||||
echo
|
||||
|
||||
cd .. || exit 1
|
||||
|
||||
|
||||
Reference in New Issue
Block a user