Erroneous handling of long request uris?
mdounin at mdounin.ru
Wed Feb 10 05:57:11 MSK 2010
On Tue, Feb 09, 2010 at 06:38:40PM -0500, mitch.socialcast wrote:
> Specifically notice that nginx does not return a HTTP status
> code or any response header information, but does manage to
> render and return the appropriate error page. This leads me to
> believe that nginx is attempting to protect itself from a buffer
> overflow, but there might be a defect in the implementation.
> Also note that does not only affect the 0.8.x branch, as I've
> reproduced the issue in 0.7.x and 0.6.x branches as well.
> Let me know if I can provide any further clarification, and
> thanks for all the great work so far!
The reply in question is HTTP/0.9 reply, and that's why it doesn't
contain headers and status code. As nginx wasn't able to parse up
to '... HTTP/1.1' trailer - it thinks it's HTTP/0.9 request (which
doesn't have version information) and replies accordingly.
We may consider using HTTP/1.0 in such situations, but I don't
think it actually matters.
> Posted at Nginx Forum:
> nginx mailing list
> nginx at nginx.org
More information about the nginx