Hi,
I can see an issue in assigning the port_start and port_end members of
ngx_http_request_t inside ngx_http_parse_request_line().
If the request line has a absolute URI with explicit port specified,
then
port_end is set correctly inside ngx_http_parse_request_line():
…
case sw_port:
if (ch >= ‘0’ && ch <= ‘9’) {
break;
}
switch (ch) {
case '/':
r->port_end = p;
r->uri_start = p;
state = sw_after_slash_in_uri;
break;
…
However, r->port_start is still 0.
I think the following code should be modified:
…
case sw_host_end:
On Mon, Dec 15, 2014 at 07:45:06AM -0500, akamatgi wrote:
Hi,
I can see an issue in assigning the port_start and port_end members of
ngx_http_request_t inside ngx_http_parse_request_line().
If the request line has a absolute URI with explicit port specified, then
port_end is set correctly inside ngx_http_parse_request_line():
Both port_start and port_end are stubs and not currently used.
On Tuesday 16 December 2014 00:58:26 akamatgi wrote:
Hi Maxim/Valentin,
Thanks for your response.
Both port_start and port_end are being used by the mod_security nginx
module.
Failure to set port_start is causing a Segmentation Violation when
mod_security is enabled and a request with absolute URI is sent.
Well, that means that mod_security need to be fixed.
Hi Maxim/Valentin,
Thanks for your response.
Both port_start and port_end are being used by the mod_security nginx
module.
Failure to set port_start is causing a Segmentation Violation when
mod_security is enabled and a request with absolute URI is sent.
Thanks,
-anirudh