Possible DoS in nginx 0.5.31 with autoindex on;
Arkadiusz Patyk
areq at areq.eu.org
Sat Sep 22 22:01:31 MSD 2007
On Sat, 22 Sep 2007 21:41:50 +0400, you wrote:
>On Sat, Sep 22, 2007 at 07:15:26PM +0200, areq at areq.eu.org wrote:
>
>> I discovered than nginx don't close opened directory after HEAD:
>>
>> echo -e "HEAD / HTTP/1.1\r\nHost: pld.areq.eu.org\r\n\r\n" | nc
>> 10.9.31.6 80
>> lsof:
>> nginx 10066 nginx 21r DIR 9,0 18 402653312
>> /vol/mirror/ftp.pld-linux.org
>> nginx 10066 nginx 22r DIR 9,0 18 402653312
>> /vol/mirror/ftp.pld-linux.org
>>
>> each HEAD on dir increase number of opened files.
>
>Thank you. The attached patch fixes the bug.
Thank, now it's work fine.
Cheers,
--
Arkadiusz Patyk [areq<>pld-linux:org] [http://rescuecd.pld-linux.org/]
[IRC:areq skype:arekpatyk GG:1383 jid:arek<>patyk:net]
More information about the nginx
mailing list