Worrisome logfile entry

Igor Sysoev is at rambler-co.ru
Thu Aug 27 18:17:08 MSD 2009

On Thu, Aug 27, 2009 at 09:54:46AM -0400, adminlists at zer7.com wrote:

> Howdy all
> I was looking at my log file and noticed a bunch of requests for /..../, /...../, etc. Presumably 
> these are someone attempting to be malicious.
> Now, here's the problem. I tried these to see what would happen. All of them correctly give a 
> 404, *except*
> 2009/08/27 08:45:55 [emerg] 3648#5828: *2345 malloc() 4294967013 bytes failed (8: Not 
> enough storage is available to process this command), client:, server: (my 
> server), request: "GET /(some directory)/.../ HTTP/1.1", host: "(my server)"
> Evidently Nginx must get a negative number somehow for the length and malloc that. Only 
> happens with three dots.
> This might have security implications, so you should look at it.

Speak by error number and message you use nginx/Windows. What version ?
Before 0.8.6 nginx/Windows checked "/.../", since on Win95+ this is
equal to "/../../". However, in 0.8.7 the check was removed because
nginx/Windows does not support Win95+ family.

Could you show the exact request - "GET /(some directory)/.../ HTTP/1.1" ?

Igor Sysoev

More information about the nginx mailing list