request #12562: Default nginx configuration for plugins might serve requests to the wrong plugin
Currently, if two plugins start with the same name, the plugin with the shortest name can serve requests that were destined for the plugin with the longest name. The issue can be made visible by declaring a route under /plugins/graphontrackersv5 and having the legacy graph on trackers plugin enabled.

Also, the current configuration is not sane because it is potentially exposed to an "nginx off-by-slash" kind of issue [0].

[0] [PDF] https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf

Change-Id: Ic554c1f0644498603fcffce9b3627bb55e982f60
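As an added illustration of the two problems the message names, and not Tuleap's own configuration or the content of this change, here is a prefix location without a trailing slash beside a form that only matches its own plugin. The filesystem paths are assumed.

```nginx
# Added example, not from Tuleap. Paths under /usr/share/tuleap are assumed.

# Weak: a prefix location is matched by string prefix, so this block also
# catches /plugins/graphontrackersv5/... when no nginx location exists for
# that plugin, and serves those requests from the wrong one. Because neither
# the location nor the alias ends in a slash, whatever follows
# "graphontrackers" in the URI is appended directly to the alias path,
# which is the "off-by-slash" pattern cited in [0].
location /plugins/graphontrackers {
    alias /usr/share/tuleap/plugins/graphontrackers/www;
}

# Corrected: the trailing slash restricts the prefix match to this plugin's
# own subtree, so /plugins/graphontrackersv5/... no longer matches here, and
# the alias ends with a slash too, so the URI can only be extended below the
# plugin's www directory. An exact-match location handles the bare path.
location = /plugins/graphontrackers {
    return 301 /plugins/graphontrackers/;
}
location /plugins/graphontrackers/ {
    alias /usr/share/tuleap/plugins/graphontrackers/www/;
}
```

The same pattern applies to every plugin location listed in the modified files below: the location prefix and its alias should both end with a slash.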
Modified Files
Status | File | Added | Removed
---|---|---|---
M | plugins/bugzilla_reference/etc/nginx/bugzilla_reference.conf | +3 | −3
M | plugins/captcha/etc/nginx/captcha.conf | +3 | −3
M | plugins/git/etc/nginx/git.conf | +5 | −5
M | plugins/mediawiki/etc/nginx/mediawiki.conf | +6 | −6
M | plugins/pullrequest/etc/nginx/pullrequest.conf | +3 | −3
M | plugins/statistics/etc/nginx/statistics.conf | +2 | −2
M | plugins/svn/etc/nginx/svn.conf | +2 | −2
M | plugins/tracker/etc/nginx/tracker.conf | +3 | −3
M | plugins/userlog/etc/nginx/userlog.conf | +3 | −3
M | src/etc/nginx/plugin.conf.dist | +3 | −3
M | src/etc/nginx/tuleap.d/03-locations.conf | +7 | −7
M | src/etc/nginx/tuleap.d/05-viewvc-tuleap-theme.conf | +2 | −2
M | src/etc/nginx/tuleap.d/07-mailman.conf | +2 | −2