Erroneous handling of long request uris?
Maxim Dounin
mdounin at mdounin.ru
Wed Feb 10 05:57:11 MSK 2010
Hello!
On Tue, Feb 09, 2010 at 06:38:40PM -0500, mitch.socialcast wrote:
[...]
> Specifically notice that nginx does not return a HTTP status
> code or any response header information, but does manage to
> render and return the appropriate error page. This leads me to
> believe that nginx is attempting to protect itself from a buffer
> overflow, but there might be a defect in the implementation.
>
> Also note that does not only affect the 0.8.x branch, as I've
> reproduced the issue in 0.7.x and 0.6.x branches as well.
>
> Let me know if I can provide any further clarification, and
> thanks for all the great work so far!
The reply in question is HTTP/0.9 reply, and that's why it doesn't
contain headers and status code. As nginx wasn't able to parse up
to '... HTTP/1.1' trailer - it thinks it's HTTP/0.9 request (which
doesn't have version information) and replies accordingly.
We may consider using HTTP/1.0 in such situations, but I don't
think it actually matters.
Maxim Dounin
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,52862,52862#msg-52862
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list