DNS bug report
pengqian at ruijie.com.cn
Fri Apr 12 07:38:46 UTC 2013
Recently, we have tested the NGX reverse proxy by TestCenter and found a segmentation fault in DNS module.
1. The rn link two(or more) ctxs, As we know the end ctx get a timeout event.
2. When rn recive a CNAME type response, it will create a new rn node.
3. The new rn link the same ctxs and send a query. Although the first ctx->name point the cname, the end ctx->name remain to point the original name.
4. The end ctx timeout occours, but it can't del from the new rn link for ctx->name point the original name.
5. The new rn recvice the response(code 2), it will call all ctx->handle. Unfortunately the end ctx has been freed, then the segmentation fault occurs.
--- ngx_resolver.c (revision 5170)
+++ ngx_resolver.c (working copy)
@@ -607,6 +607,7 @@
rn->waiting = ctx;
ctx->state = NGX_AGAIN;
+ ctx->next = NULL;
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx-devel