Re: Possible DoS in nginx 0.5.31 with autoindex on; - Igor Sysoev - ru.sysoev.nginx

3 messages in ru.sysoev.nginxRe: Possible DoS in nginx 0.5.31 with...

From	Sent On	Attachments
areq...@public.gmane.org	Sep 22, 2007 10:15 am
Igor Sysoev	Sep 22, 2007 10:41 am	.txt
Arkadiusz Patyk	Sep 22, 2007 11:01 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: Possible DoS in nginx 0.5.31 with autoindex on;	Actions...
From:	Igor Sysoev (is-G...@public.gmane.org)
Date:	Sep 22, 2007 10:41:27 am
List:	ru.sysoev.nginx
Attachments:	patch-0.6.12.1.txt - 0.6k

On Sat, Sep 22, 2007 at 07:15:26PM +0200,
areq-If217g9+LgpA...@public.gmane.org wrote:

I discovered than nginx don't close opened directory after HEAD:

echo -e "HEAD / HTTP/1.1\r\nHost: pld.areq.eu.org\r\n\r\n" | nc 10.9.31.6 80 lsof: nginx 10066 nginx 21r DIR 9,0 18 402653312 /vol/mirror/ftp.pld-linux.org nginx 10066 nginx 22r DIR 9,0 18 402653312 /vol/mirror/ftp.pld-linux.org

each HEAD on dir increase number of opened files.

Thank you. The attached patch fixes the bug.

-- Igor Sysoev http://sysoev.ru/en/

Index: src/http/modules/ngx_http_autoindex_module.c =================================================================== --- src/http/modules/ngx_http_autoindex_module.c (revision 818) +++ src/http/modules/ngx_http_autoindex_module.c (working copy) @@ -236,6 +236,11 @@ rc = ngx_http_send_header(r);

if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + if (ngx_close_dir(&dir) == NGX_ERROR) { + ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno, + ngx_close_dir_n " \"%V\" failed", &path); + } + return rc; }

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: