ngx_path_separator()

2024-12-20 14:13:33 -06:00 · 2009-04-23 16:38:59 +00:00 · 2009-04-23 16:38:59 +00:00 · bf14b000e6
commit bf14b000e6
parent c28ff717cb
4 changed files with 10 additions and 25 deletions
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@ -1337,12 +1337,7 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
        goto unsafe;
    }

-    if (p[0] == '.' && len == 3 && p[1] == '.' && (p[2] == '/'
-#if (NGX_WIN32)
-                                                   || p[2] == '\\'
-#endif
-        ))
-    {
+    if (p[0] == '.' && len == 3 && p[1] == '.' && (ngx_path_separator(p[2]))) {
        goto unsafe;
    }

@ -1367,30 +1362,22 @@ ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,
            continue;
        }

-        if ((ch == '/'
-#if (NGX_WIN32)
-             || ch == '\\'
-#endif
-            ) && len > 2)
-        {
+        if (ngx_path_separator(ch) && len > 2) {
+
            /* detect "/../" */

-            if (p[0] == '.' && p[1] == '.' && p[2] == '/') {
+            if (p[0] == '.' && p[1] == '.' && ngx_path_separator(p[2])) {
                goto unsafe;
            }

 #if (NGX_WIN32)

-            if (p[2] == '\\') {
-                goto unsafe;
-            }
-
            if (len > 3) {

                /* detect "/.../" */

                if (p[0] == '.' && p[1] == '.' && p[2] == '.'
-                    && (p[3] == '/' || p[3] == '\\'))
+                    && ngx_path_separator(p[3]))
                {
                    goto unsafe;
                }
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@ -1587,15 +1587,9 @@ ngx_http_validate_host(u_char *host, size_t len)
            continue;
        }

-        if (ch == '/' || ch == '\0') {
+        if (ngx_path_separator(ch) || ch == '\0') {
            return -1;
        }
-
-#if (NGX_WIN32)
-        if (ch == '\\') {
-            return -1;
-        }
-#endif
    }

    if (dot) {
--- a/src/os/unix/ngx_files.h
+++ b/src/os/unix/ngx_files.h
@ -160,6 +160,8 @@ ngx_int_t ngx_set_file_time(u_char *name, ngx_fd_t fd, time_t s);
 #define ngx_realpath_n           "realpath()"
 #define ngx_getcwd(buf, size)    (getcwd(buf, size) != NULL)
 #define ngx_getcwd_n             "getcwd()"
+#define ngx_path_separator(c)    ((c) == '/')
+
 #define NGX_MAX_PATH             PATH_MAX

 #define NGX_DIR_MASK_LEN         0
--- a/src/os/win32/ngx_files.h
+++ b/src/os/win32/ngx_files.h
@ -154,6 +154,8 @@ char *ngx_realpath(u_char *path, u_char *resolved);
 #define ngx_realpath_n              ""
 #define ngx_getcwd(buf, size)       GetCurrentDirectory(size, buf)
 #define ngx_getcwd_n                "GetCurrentDirectory()"
+#define ngx_path_separator(c)       ((c) == '/' || (c) == '\\')
+
 #define NGX_MAX_PATH                MAX_PATH