Possible DoS in nginx 0.5.31 with autoindex on;
Igor Sysoev
is at rambler-co.ru
Sat Sep 22 21:41:50 MSD 2007
On Sat, Sep 22, 2007 at 07:15:26PM +0200, areq at areq.eu.org wrote:
> I discovered than nginx don't close opened directory after HEAD:
>
> echo -e "HEAD / HTTP/1.1\r\nHost: pld.areq.eu.org\r\n\r\n" | nc
> 10.9.31.6 80
> lsof:
> nginx 10066 nginx 21r DIR 9,0 18 402653312
> /vol/mirror/ftp.pld-linux.org
> nginx 10066 nginx 22r DIR 9,0 18 402653312
> /vol/mirror/ftp.pld-linux.org
>
> each HEAD on dir increase number of opened files.
Thank you. The attached patch fixes the bug.
--
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
Index: src/http/modules/ngx_http_autoindex_module.c
===================================================================
--- src/http/modules/ngx_http_autoindex_module.c (revision 818)
+++ src/http/modules/ngx_http_autoindex_module.c (working copy)
@@ -236,6 +236,11 @@
rc = ngx_http_send_header(r);
if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) {
+ if (ngx_close_dir(&dir) == NGX_ERROR) {
+ ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno,
+ ngx_close_dir_n " \"%V\" failed", &path);
+ }
+
return rc;
}
More information about the nginx
mailing list