[BUG] Core dump for invalid proxy url

Maxim Dounin mdounin at mdounin.ru
Thu Jul 28 09:58:52 UTC 2011


On Thu, Jul 28, 2011 at 10:29:28AM +0800, lanshun zhou wrote:

> src/http/modules/ngx_http_proxy_module.c:645 in ngx_http_proxy_eval
> For some service the proxy url is specified by user from arguments. after
> ngx_http_script_run,  proxy.len may be smaller than "http://" without the
> terminating '\0'. For example, {len = 4, data = "http://abcdefg"}. It passes
> the
> schema check, but url.url.len = proxy.len - 7 becomes a very big number.
> the process will core during later memcpy.

Good catch, thank you.

Maxim Dounin

More information about the nginx-devel mailing list