update to 1.2.1

1 files changed, 26 insertions, 15 deletions

diff --git a/usr.sbin/nginx/src/http/ngx_http_request.c b/usr.sbin/nginx/src/http/ngx_http_request.c
index 052f379ac3d..b1877131cc9 100644
--- a/usr.sbin/nginx/src/http/ngx_http_request.c
+++ b/usr.sbin/nginx/src/http/ngx_http_request.c
@@ -812,7 +812,28 @@ ngx_http_process_request_line(ngx_event_t *rev)
 
 #if (NGX_WIN32)
             {
-            u_char  *p;
+            u_char  *p, *last;
+
+            p = r->uri.data;
+            last = r->uri.data + r->uri.len;
+
+            while (p < last) {
+
+                if (*p++ == ':') {
+
+                    /*
+                     * this check covers "::$data", "::$index_allocation" and
+                     * ":$i30:$index_allocation"
+                     */
+
+                    if (p < last && *p == '$') {
+                        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                                      "client sent unsafe win32 URI");
+                        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+                        return;
+                    }
+                }
+            }
 
             p = r->uri.data + r->uri.len - 1;
 
@@ -828,11 +849,6 @@ ngx_http_process_request_line(ngx_event_t *rev)
                     continue;
                 }
 
-                if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) {
-                    p -= 7;
-                    continue;
-                }
-
                 break;
             }
 
@@ -1933,7 +1949,6 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
 
     if (rc == NGX_OK && r->filter_finalize) {
         c->error = 1;
-        return;
     }
 
     if (rc == NGX_DECLINED) {
@@ -2001,14 +2016,6 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
             return;
         }
 
-#if (NGX_DEBUG)
-        if (r != c->data) {
-            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
-                           "http finalize non-active request: \"%V?%V\"",
-                           &r->uri, &r->args);
-        }
-#endif
-
         pr = r->parent;
 
         if (r == c->data) {
@@ -2042,6 +2049,10 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
 
         } else {
 
+            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
+                           "http finalize non-active request: \"%V?%V\"",
+                           &r->uri, &r->args);
+
             r->write_event_handler = ngx_http_request_finalizer;
 
             if (r->waited) {