Erroneous handling of long request uris?

Maxim Dounin mdounin at
Wed Feb 10 05:57:11 MSK 2010


On Tue, Feb 09, 2010 at 06:38:40PM -0500, mitch.socialcast wrote:


> Specifically notice that nginx does not return a HTTP status 
> code or any response header information, but does manage to 
> render and return the appropriate error page.  This leads me to 
> believe that nginx is attempting to protect itself from a buffer 
> overflow, but there might be a defect in the implementation.
> Also note that does not only affect the 0.8.x branch, as I've 
> reproduced the issue in 0.7.x and 0.6.x branches as well.
> Let me know if I can provide any further clarification, and 
> thanks for all the great work so far!

The reply in question is HTTP/0.9 reply, and that's why it doesn't 
contain headers and status code.  As nginx wasn't able to parse up 
to '... HTTP/1.1' trailer - it thinks it's HTTP/0.9 request (which 
doesn't have version information) and replies accordingly.

We may consider using HTTP/1.0 in such situations, but I don't 
think it actually matters.

Maxim Dounin

> Posted at Nginx Forum: 
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list