bugfix: allow the use of spaces in 'ngx.req.set_uri()'.

Signed-off-by: Thibault Charbonnier <[email protected]>

Author: doujiang24

src/ngx_http_lua_control.c

@@ -239,8 +239,8 @@ ngx_http_lua_ngx_redirect(lua_State *L)
                           "the headers");
     }
 
-    if (ngx_http_lua_check_unsafe_header(r, p, len) != NGX_OK) {
-        return luaL_error(L, "attempt to use unsafe uri");
+    if (ngx_http_lua_check_unsafe_string(r, p, len, "redirect uri") != NGX_OK) {
+        return luaL_error(L, "attempt to set unsafe redirect uri");
     }
 
     uri = ngx_palloc(r->pool, len);

src/ngx_http_lua_headers_in.c

@@ -658,8 +658,10 @@ ngx_http_lua_set_input_header(ngx_http_request_t *r, ngx_str_t key,
 
     dd("set header value: %.*s", (int) value.len, value.data);
 
-    if (ngx_http_lua_check_unsafe_header(r, key.data, key.len) != NGX_OK
-        || ngx_http_lua_check_unsafe_header(r, value.data, value.len) != NGX_OK)
+    if (ngx_http_lua_check_unsafe_string(r, key.data, key.len,
+                                         "header name") != NGX_OK
+        || ngx_http_lua_check_unsafe_string(r, value.data, value.len,
+                                            "header value") != NGX_OK)
     {
         return NGX_ERROR;
     }

src/ngx_http_lua_headers_out.c

@@ -491,8 +491,10 @@ ngx_http_lua_set_output_header(ngx_http_request_t *r, ngx_http_lua_ctx_t *ctx,
 
     dd("set header value: %.*s", (int) value.len, value.data);
 
-    if (ngx_http_lua_check_unsafe_header(r, key.data, key.len) != NGX_OK
-        || ngx_http_lua_check_unsafe_header(r, value.data, value.len) != NGX_OK)
+    if (ngx_http_lua_check_unsafe_string(r, key.data, key.len,
+                                         "header name") != NGX_OK
+        || ngx_http_lua_check_unsafe_string(r, value.data, value.len,
+                                            "header value") != NGX_OK)
     {
         return NGX_ERROR;
     }

src/ngx_http_lua_uri.c

@@ -16,8 +16,6 @@
 
 
 static int ngx_http_lua_ngx_req_set_uri(lua_State *L);
-static ngx_inline ngx_int_t ngx_http_lua_check_unsafe_uri(ngx_http_request_t *r,
-    u_char *str, size_t len);
 
 
 void
@@ -57,8 +55,8 @@ ngx_http_lua_ngx_req_set_uri(lua_State *L)
         return luaL_error(L, "attempt to use zero-length uri");
     }
 
-    if (ngx_http_lua_check_unsafe_uri(r, p, len) != NGX_OK) {
-        return luaL_error(L, "attempt to use unsafe uri");
+    if (ngx_http_lua_check_unsafe_string(r, p, len, "uri") != NGX_OK) {
+        return luaL_error(L, "attempt to set unsafe uri");
     }
 
     if (n == 2) {
@@ -114,56 +112,4 @@ ngx_http_lua_ngx_req_set_uri(lua_State *L)
 }
 
 
-static ngx_inline ngx_int_t
-ngx_http_lua_check_unsafe_uri(ngx_http_request_t *r, u_char *str, size_t len)
-{
-    size_t           i, buf_len;
-    u_char           c;
-    u_char          *buf, *src = str;
-
-                     /* %00-%1F, " ", %7F */
-
-    static uint32_t  unsafe[] = {
-        0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
-
-                    /* ?>=< ;:98 7654 3210  /.-, +*)( '&%$ #"!  */
-        0x00000001, /* 0000 0000 0000 0000  0000 0000 0000 0001 */
-
-                    /* _^]\ [ZYX WVUT SRQP  ONML KJIH GFED CBA@ */
-        0x00000000, /* 0000 0000 0000 0000  0000 0000 0000 0000 */
-
-                    /*  ~}| {zyx wvut srqp  onml kjih gfed cba` */
-        0x80000000, /* 1000 0000 0000 0000  0000 0000 0000 0000 */
-
-        0x00000000, /* 0000 0000 0000 0000  0000 0000 0000 0000 */
-        0x00000000, /* 0000 0000 0000 0000  0000 0000 0000 0000 */
-        0x00000000, /* 0000 0000 0000 0000  0000 0000 0000 0000 */
-        0x00000000  /* 0000 0000 0000 0000  0000 0000 0000 0000 */
-    };
-
-    for (i = 0; i < len; i++, str++) {
-        c = *str;
-        if (unsafe[c >> 5] & (1 << (c & 0x1f))) {
-            buf_len = ngx_http_lua_escape_log(NULL, src, len);
-            buf = ngx_palloc(r->pool, buf_len);
-            if (buf == NULL) {
-                return NGX_ERROR;
-            }
-
-            ngx_http_lua_escape_log(buf, src, len);
-
-            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                          "unsafe byte \"0x%uxd\" in uri \"%*s\"",
-                          (unsigned) c, buf_len, buf);
-
-            ngx_pfree(r->pool, buf);
-
-            return NGX_ERROR;
-        }
-    }
-
-    return NGX_OK;
-}
-
-
 /* vi:set ft=c ts=4 sw=4 et fdm=marker: */

src/ngx_http_lua_util.h

@@ -490,7 +490,8 @@ ngx_inet_get_port(struct sockaddr *sa)
 
 
 static ngx_inline ngx_int_t
-ngx_http_lua_check_unsafe_header(ngx_http_request_t *r, u_char *str, size_t len)
+ngx_http_lua_check_unsafe_string(ngx_http_request_t *r, u_char *str, size_t len,
+    const char *name)
 {
     size_t           i, buf_len;
     u_char           c;
@@ -528,8 +529,8 @@ ngx_http_lua_check_unsafe_header(ngx_http_request_t *r, u_char *str, size_t len)
             ngx_http_lua_escape_log(buf, src, len);
 
             ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                          "unsafe byte \"0x%uxd\" in header \"%*s\"",
-                          (unsigned) c, buf_len, buf);
+                          "unsafe byte \"0x%uxd\" in %s \"%*s\"",
+                          (unsigned) c, name, buf_len, buf);
 
             ngx_pfree(r->pool, buf);
 

t/016-resp-header.t

@@ -1982,7 +1982,7 @@ header:
 foo:
 bar:
 --- error_log
-unsafe byte "0xd" in header "value\x0Dfoo:bar\x0Abar:foo"
+unsafe byte "0xd" in header value "value\x0Dfoo:bar\x0Abar:foo"
 failed to set header
 
 
@@ -2003,7 +2003,7 @@ header:
 foo:
 bar:
 --- error_log
-unsafe byte "0xa" in header "value\x0Afoo:bar\x0Dbar:foo"
+unsafe byte "0xa" in header value "value\x0Afoo:bar\x0Dbar:foo"
 failed to set header
 
 
@@ -2024,7 +2024,7 @@ header:
 foo:
 bar:
 --- error_log
-unsafe byte "0xd" in header "header: value\x0Dfoo:bar\x0Abar:foo"
+unsafe byte "0xd" in header name "header: value\x0Dfoo:bar\x0Abar:foo"
 failed to set header
 
 
@@ -2045,7 +2045,7 @@ header:
 foo:
 bar:
 --- error_log
-unsafe byte "0xa" in header "header: value\x0Afoo:bar\x0Dbar:foo"
+unsafe byte "0xa" in header name "header: value\x0Afoo:bar\x0Dbar:foo"
 failed to set header
 
 
@@ -2066,7 +2066,7 @@ header:
 foo:
 bar:
 --- error_log
-unsafe byte "0xd" in header "\x0Dheader: value\x0Dfoo:bar\x0Abar:foo"
+unsafe byte "0xd" in header name "\x0Dheader: value\x0Dfoo:bar\x0Abar:foo"
 failed to set header
 
 
@@ -2087,7 +2087,7 @@ header:
 foo:
 bar:
 --- error_log
-unsafe byte "0xa" in header "\x0Aheader: value\x0Afoo:bar\x0Dbar:foo"
+unsafe byte "0xa" in header name "\x0Aheader: value\x0Afoo:bar\x0Dbar:foo"
 failed to set header
 
 
@@ -2111,5 +2111,5 @@ foo:
 xx:
 xxx:
 --- error_log
-unsafe byte "0xa" in header "foo\x0Axx:bar"
+unsafe byte "0xa" in header value "foo\x0Axx:bar"
 failed to set header

t/022-redirect.t

@@ -339,8 +339,8 @@ Location:
 foo:
 bar:
 --- error_log
-unsafe byte "0xd" in header "http://agentzh.org/foo\x0Dfoo:bar\x0Abar:foo"
-attempt to use unsafe uri
+unsafe byte "0xd" in redirect uri "http://agentzh.org/foo\x0Dfoo:bar\x0Abar:foo"
+attempt to set unsafe redirect uri
 
 
 
@@ -360,8 +360,8 @@ Location:
 foo:
 bar:
 --- error_log
-unsafe byte "0xa" in header "http://agentzh.org/foo\x0Afoo:bar\x0Dbar:foo"
-attempt to use unsafe uri
+unsafe byte "0xa" in redirect uri "http://agentzh.org/foo\x0Afoo:bar\x0Dbar:foo"
+attempt to set unsafe redirect uri
 
 
 
@@ -380,8 +380,8 @@ GET /t
 Location:
 foo:
 --- error_log
-unsafe byte "0xa" in header "\x0Afoo:http://agentzh.org/foo"
-attempt to use unsafe uri
+unsafe byte "0xa" in redirect uri "\x0Afoo:http://agentzh.org/foo"
+attempt to set unsafe redirect uri
 
 
 
@@ -400,8 +400,8 @@ GET /t
 Location:
 foo:
 --- error_log
-unsafe byte "0xd" in header "\x0Dfoo:http://agentzh.org/foo"
-attempt to use unsafe uri
+unsafe byte "0xd" in redirect uri "\x0Dfoo:http://agentzh.org/foo"
+attempt to set unsafe redirect uri
 
 
 
@@ -420,5 +420,5 @@ GET /t
 Location:
 foo:
 --- error_log
-unsafe byte "0xd" in header "\x0Dhttp\x5C://\x22agentzh.org\x22/foo"
-attempt to use unsafe uri
+unsafe byte "0xd" in redirect uri "\x0Dhttp\x5C://\x22agentzh.org\x22/foo"
+attempt to set unsafe redirect uri

t/028-req-header.t

@@ -2046,7 +2046,7 @@ new
 GET /req-header
 --- error_code: 500
 --- error_log
-unsafe byte "0xd" in header "Foo\x0Dfoo"
+unsafe byte "0xd" in header name "Foo\x0Dfoo"
 failed to set header
 
 
@@ -2064,7 +2064,7 @@ failed to set header
 GET /req-header
 --- error_code: 500
 --- error_log
-unsafe byte "0xa" in header "new\x0Avalue"
+unsafe byte "0xa" in header value "new\x0Avalue"
 failed to set header
 
 
@@ -2084,7 +2084,7 @@ failed to set header
 GET /req-header
 --- error_code: 500
 --- error_log
-unsafe byte "0xa" in header "new\x0Avalue"
+unsafe byte "0xa" in header value "new\x0Avalue"
 failed to set header
 
 
@@ -2104,5 +2104,5 @@ failed to set header
 GET /req-header
 --- error_code: 500
 --- error_log
-unsafe byte "0xa" in header "\x22new\x0Avalue\x5C\x22"
+unsafe byte "0xa" in header value "\x22new\x0Avalue\x5C\x22"
 failed to set header

t/030-uri-args.t

@@ -9,7 +9,7 @@ log_level('warn');
 repeat_each(2);
 #repeat_each(1);
 
-plan tests => repeat_each() * (blocks() * 2 + 20);
+plan tests => repeat_each() * (blocks() * 2 + 21);
 
 no_root_location();
 
@@ -1571,15 +1571,15 @@ args: foo=%2C%24%40%7C%60&bar=-_.!~*'()
 --- error_code: 500
 --- error_log
 unsafe byte "0x9" in uri "/foo\x09bar"
-attempt to use unsafe uri
+attempt to set unsafe uri
 
 
 
-=== TEST 59: set_uri with unsafe uri (with ' ')
+=== TEST 59: set_uri with unsafe uri (with '\0')
 --- config
     location /t {
         content_by_lua_block {
-            local new_uri = "/foo bar"
+            local new_uri = '\0foo'
             ngx.req.set_uri(new_uri)
             ngx.say(ngx.var.uri)
         }
@@ -1588,5 +1588,32 @@ attempt to use unsafe uri
     GET /t
 --- error_code: 500
 --- error_log
-unsafe byte "0x20" in uri "/foo bar"
-attempt to use unsafe uri
+unsafe byte "0x0" in uri "\x00foo"
+attempt to set unsafe uri
+
+
+
+=== TEST 60: set_uri with safe uri (with ' ')
+--- config
+    location /t {
+        rewrite_by_lua_block {
+            local new_uri = "/foo bar"
+            ngx.req.set_uri(new_uri)
+        }
+
+        proxy_pass http://127.0.0.1:$TEST_NGINX_SERVER_PORT;
+    }
+
+    location /foo {
+        content_by_lua_block {
+            ngx.say("request_uri: ", ngx.var.request_uri)
+            ngx.say("uri: ", ngx.var.uri)
+        }
+    }
+--- request
+    GET /t
+--- response_body
+request_uri: /foo%20bar
+uri: /foo bar
+--- no_error_log
+[error]

t/113-req-header-cookie.t

@@ -265,7 +265,7 @@ Cookie: boo=123; foo=bar
 GET /t
 --- error_code: 500
 --- error_log
-unsafe byte "0xa" in header "boo=123\x0Afoo"
+unsafe byte "0xa" in header value "boo=123\x0Afoo"
 failed to set header
 --- no_error_log
 [crit]