[nginx] Resolver: limited CNAME recursion.

Maxim Dounin mdounin at mdounin.ru
Tue Jan 26 16:27:46 UTC 2016


details:   http://hg.nginx.org/nginx/rev/93d70d87914c
branches:  stable-1.8
changeset: 6360:93d70d87914c
user:      Ruslan Ermilov <ru at nginx.com>
date:      Tue Jan 26 16:47:14 2016 +0300
description:
Resolver: limited CNAME recursion.

Previously, the recursion was only limited for cached responses.

diffstat:

 src/core/ngx_resolver.c |  40 ++++++++++++++++++++++++++++------------
 1 files changed, 28 insertions(+), 12 deletions(-)

diffs (56 lines):

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1981,24 +1981,40 @@ ngx_resolver_process_a(ngx_resolver_t *r
 
         ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
 
-        ctx = rn->waiting;
-        rn->waiting = NULL;
-
-        if (ctx) {
-
-            for (next = ctx; next; next = next->next) {
-                next->node = NULL;
-            }
-
-            (void) ngx_resolve_name_locked(r, ctx, &name);
-        }
-
         ngx_resolver_free(r, rn->query);
         rn->query = NULL;
 #if (NGX_HAVE_INET6)
         rn->query6 = NULL;
 #endif
 
+        ctx = rn->waiting;
+        rn->waiting = NULL;
+
+        if (ctx) {
+
+            if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
+
+                /* unlock name mutex */
+
+                do {
+                    ctx->state = NGX_RESOLVE_NXDOMAIN;
+                    next = ctx->next;
+
+                    ctx->handler(ctx);
+
+                    ctx = next;
+                } while (ctx);
+
+                return;
+            }
+
+            for (next = ctx; next; next = next->next) {
+                next->node = NULL;
+            }
+
+            (void) ngx_resolve_name_locked(r, ctx, &name);
+        }
+
         /* unlock name mutex */
 
         return;



More information about the nginx-devel mailing list