SSI include infinite loop

[eagle sbc]

Hello,

Thanks for your reply! And I think the limit on the number is proper for
most of the conditions.

However in our case, the index page may have hundreds of SSI 'include'
(combined from lots of our sub sites), and the number limitation may not be
so proper.

So here I made a patch: For every 'include', a 'parents uri check' is made.
The patch is like this:

diff -crB nginx-0.7.65.org/src/http/modules/ngx_http_ssi_filter_module.cnginx-0.7.65.patch/src/http/modules/ngx_http_ssi_filter_module.c
*** nginx-0.7.65.org/src/http/modules/ngx_http_ssi_filter_module.c
2011-05-24 18:46:53.676370002 +0800
--- nginx-0.7.65.patch/src/http/modules/ngx_http_ssi_filter_module.c
2011-05-25 11:19:20.372370002 +0800
***************
*** 2024,2029 ****
--- 2024,2044 ----
          flags |= NGX_HTTP_SUBREQUEST_IN_MEMORY|NGX_HTTP_SUBREQUEST_WAITED;
      }

+     ngx_http_request_t *ir = r;
+     for(;ir != NULL;ir = ir->parent) {
+         ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                        " include path: %V, args: %V; parent path: %V,
args: %V",
+                        uri, &args, &ir->uri, &ir->args);
+         if (uri->len == ir->uri.len
+             && args.len == ir->args.len
+             && ngx_strncmp(uri->data, ir->uri.data, uri->len) == 0
+             && ngx_strncmp(args.data, ir->args.data, args.len) == 0) {
+             ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                           "A loop include \"%V\" is found", uri);
+             return NGX_HTTP_SSI_ERROR;
+         }
+     }
+
      if (ngx_http_subrequest(r, uri, &args, &sr, psr, flags) != NGX_OK) {
          return NGX_HTTP_SSI_ERROR;
      }

Hope for any reply of my patch !

And thanks to my fellow 姚伟斌 for reminding me on the 'args' check!


On Tue, May 24, 2011 at 8:59 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Tue, May 24, 2011 at 10:49:45AM +0800, eagle sbc wrote:
>
> > Hello,
> >
> > I've encountered a problem about "SSI include infinite loop".
> >
> > We have a system that our editors can compose a html page from some
> > templates using SSI. Sometimes unwarily combination will cause infinite
> > loop, such as 'A include A', 'A include B, B include A', or even 'A
> include
> > B, B include C, C include A'. And this page will cause nginx eating up
> all
> > memories, and certainly won't serve any more unless we restart nginx.
> >
> > I'm wondering is there any solution for this problem? Or other ways to
> avoid
> > this?
> >
> > I've googled apache and lighttpd, and there also no official solution for
> > this, unless lightptd has a patch which will limit the whole 'include'
> > count, and I think it's just a tricky way to fix the infinite loop.
> >
> > Thanks a lot for any help!
>
> Number of in-flight ssi includes used to be limited in nginx,
> though this limit was broken somewhere near 0.7.25.
>
> This patch brings it back:
>
> http://nginx.org/pipermail/nginx-devel/2011-February/000746.html
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>



-- 
自由是我生命之基石，尊重是我行为之准绳
也许我以千百种方式生活在这世上，但我坚守我人生之信仰
所以，我的朋友
请平视的看着我，带着你的微笑
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110525/d001b274/attachment-0001.html>