diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2012-03-05 12:49:32 +0000 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2012-03-05 12:49:32 +0000 |
commit | be909c35b0b2ad737b701fde9c63105251800b14 (patch) | |
tree | c4c22d553d969f5880a5ec3d812a07e38db6d7dd | |
parent | 31b3edd003a6fd4aba0c7fd1428c062a3c57bec6 (diff) | |
download | nginx-be909c35b0b2ad737b701fde9c63105251800b14.tar.gz |
Merge of r4473:
Core: protection from cycles with named locations and post_action.
Now redirects to named locations are counted against normal uri changes
limit, and post_action respects this limit as well. As a result at least
the following (bad) configurations no longer trigger infinite cycles:
1. Post action which recursively triggers post action:
location / {
post_action /index.html;
}
2. Post action pointing to nonexistent named location:
location / {
post_action @nonexistent;
}
3. Recursive error page for 500 (Internal Server Error) pointing to
a nonexistent named location:
location / {
recursive_error_pages on;
error_page 500 @nonexistent;
return 500;
}
-rw-r--r-- | src/http/ngx_http_core_module.c | 10 | ||||
-rw-r--r-- | src/http/ngx_http_request.c | 4 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index 43e6f56fa..7a1751d06 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -2524,6 +2524,16 @@ ngx_http_named_location(ngx_http_request_t *r, ngx_str_t *name) ngx_http_core_main_conf_t *cmcf; r->main->count++; + r->uri_changes--; + + if (r->uri_changes == 0) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "rewrite or internal redirection cycle " + "while redirect to named location \"%V\"", name); + + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return NGX_DONE; + } cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 13cabbad5..04c4165de 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -2898,6 +2898,10 @@ ngx_http_post_action(ngx_http_request_t *r) return NGX_DECLINED; } + if (r->post_action && r->uri_changes == 0) { + return NGX_DECLINED; + } + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "post action: \"%V\"", &clcf->post_action); |