[nginx] Resolver: limited CNAME recursion.
Maxim Dounin
mdounin at mdounin.ru
Tue Jan 26 16:27:46 UTC 2016
details: http://hg.nginx.org/nginx/rev/93d70d87914c
branches: stable-1.8
changeset: 6360:93d70d87914c
user: Ruslan Ermilov <ru at nginx.com>
date: Tue Jan 26 16:47:14 2016 +0300
description:
Resolver: limited CNAME recursion.
Previously, the recursion was only limited for cached responses.
diffstat:
src/core/ngx_resolver.c | 40 ++++++++++++++++++++++++++++------------
1 files changed, 28 insertions(+), 12 deletions(-)
diffs (56 lines):
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1981,24 +1981,40 @@ ngx_resolver_process_a(ngx_resolver_t *r
ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
- ctx = rn->waiting;
- rn->waiting = NULL;
-
- if (ctx) {
-
- for (next = ctx; next; next = next->next) {
- next->node = NULL;
- }
-
- (void) ngx_resolve_name_locked(r, ctx, &name);
- }
-
ngx_resolver_free(r, rn->query);
rn->query = NULL;
#if (NGX_HAVE_INET6)
rn->query6 = NULL;
#endif
+ ctx = rn->waiting;
+ rn->waiting = NULL;
+
+ if (ctx) {
+
+ if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
+
+ /* unlock name mutex */
+
+ do {
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
+ next = ctx->next;
+
+ ctx->handler(ctx);
+
+ ctx = next;
+ } while (ctx);
+
+ return;
+ }
+
+ for (next = ctx; next; next = next->next) {
+ next->node = NULL;
+ }
+
+ (void) ngx_resolve_name_locked(r, ctx, &name);
+ }
+
/* unlock name mutex */
return;
More information about the nginx-devel
mailing list