Possible DoS in nginx 0.5.31 with autoindex on;

Arkadiusz Patyk areq at areq.eu.org
Sat Sep 22 22:01:31 MSD 2007


On Sat, 22 Sep 2007 21:41:50 +0400, you wrote:

>On Sat, Sep 22, 2007 at 07:15:26PM +0200, areq at areq.eu.org wrote:
>
>> I discovered than nginx don't close opened directory after HEAD:
>> 
>>  echo -e "HEAD / HTTP/1.1\r\nHost: pld.areq.eu.org\r\n\r\n" | nc
>> 10.9.31.6 80
>> lsof:
>> nginx     10066 nginx   21r      DIR        9,0       18  402653312
>> /vol/mirror/ftp.pld-linux.org
>> nginx     10066 nginx   22r      DIR        9,0       18  402653312
>> /vol/mirror/ftp.pld-linux.org
>> 
>> each HEAD on dir increase number of opened files.
>
>Thank you. The attached patch fixes the bug.

Thank, now it's work fine.

Cheers,
-- 
Arkadiusz Patyk [areq<>pld-linux:org] [http://rescuecd.pld-linux.org/]
[IRC:areq skype:arekpatyk  GG:1383 jid:arek<>patyk:net]





More information about the nginx mailing list