From 40fd850ed47d605df48b7c785a2a5a554e693296 Mon Sep 17 00:00:00 2001
From: lijunlong <zhuizhuhaomeng@gmail.com>
Date: Thu, 14 May 2020 15:27:10 +0800
Subject: [PATCH] add set_uri patch

---
 .../nginx-1.17.8-set_uri_security_issue.patch | 37 +++++++++++++++++++
 util/mirror-tarballs                          |  7 ++++
 2 files changed, 44 insertions(+)
 create mode 100644 patches/nginx-1.17.8-set_uri_security_issue.patch

diff --git a/patches/nginx-1.17.8-set_uri_security_issue.patch b/patches/nginx-1.17.8-set_uri_security_issue.patch
new file mode 100644
index 0000000..6dccb42
--- /dev/null
+++ b/patches/nginx-1.17.8-set_uri_security_issue.patch
@@ -0,0 +1,37 @@
+diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c
+index 282d6ee..cb033bd 100644
+--- a/src/http/modules/ngx_http_static_module.c
++++ b/src/http/modules/ngx_http_static_module.c
+@@ -44,6 +44,20 @@ ngx_module_t  ngx_http_static_module = {
+     NGX_MODULE_V1_PADDING
+ };
+ 
++static ngx_int_t
++ngx_http_check_safe_location(u_char *str, size_t len)
++{
++    u_char ch;
++    size_t i;
++
++    for (i = 0; i < len; i++) {
++        ch = str[i];
++        if (ch <= 31 || ch == 127) {
++            return NGX_ERROR;
++        }
++    }
++    return NGX_OK;
++}
+ 
+ static ngx_int_t
+ ngx_http_static_handler(ngx_http_request_t *r)
+@@ -182,7 +196,10 @@ ngx_http_static_handler(ngx_http_request_t *r)
+                 ngx_memcpy(++last, r->args.data, r->args.len);
+             }
+         }
+-
++        if (ngx_http_check_safe_location(location, len) != NGX_OK) {
++            ngx_http_clear_location(r);
++            return NGX_HTTP_INTERNAL_SERVER_ERROR;
++        } 
+         r->headers_out.location->hash = 1;
+         ngx_str_set(&r->headers_out.location->key, "Location");
+         r->headers_out.location->value.len = len;
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index 372a26b..9f0f048 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -443,6 +443,13 @@ fi
 
 rm -f *.patch || exit 1
 
+answer=`$root/util/ver-ge "$main_ver" 1.17.8`
+if [ "$answer" = "Y" ]; then
+    echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"
+    patch -p1 < $root/patches/nginx-$main_ver-set_uri_security_issue.patch
+    echo
+fi
+
 echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"
 patch -p1 < $root/patches/nginx-$main_ver-always_enable_cc_feature_tests.patch
 echo