DNS bug report
彭谦(研六 福州)
pengqian at ruijie.com.cn
Fri Apr 12 07:38:46 UTC 2013
Hi all,
Recently, we have tested the NGX reverse proxy by TestCenter and found a segmentation fault in DNS module.
BUG condition:
1. The rn link two(or more) ctxs, As we know the end ctx get a timeout event.
2. When rn recive a CNAME type response, it will create a new rn node.
3. The new rn link the same ctxs and send a query. Although the first ctx->name point the cname, the end ctx->name remain to point the original name.
4. The end ctx timeout occours, but it can't del from the new rn link for ctx->name point the original name.
5. The new rn recvice the response(code 2), it will call all ctx->handle. Unfortunately the end ctx has been freed, then the segmentation fault occurs.
svn diff
Index: ngx_resolver.c
===================================================================
--- ngx_resolver.c (revision 5170)
+++ ngx_resolver.c (working copy)
@@ -607,6 +607,7 @@
rn->waiting = ctx;
ctx->state = NGX_AGAIN;
+ ctx->next = NULL;
return NGX_AGAIN;
Thanks
Pengqian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130412/f93b7fe9/attachment.html>
More information about the nginx-devel
mailing list