Worrisome logfile entry

adminlists at zer7.com adminlists at zer7.com
Thu Aug 27 17:54:46 MSD 2009


Howdy all

I was looking at my log file and noticed a bunch of requests for /..../, /...../, etc. Presumably 
these are someone attempting to be malicious.

Now, here's the problem. I tried these to see what would happen. All of them correctly give a 
404, *except*

2009/08/27 08:45:55 [emerg] 3648#5828: *2345 malloc() 4294967013 bytes failed (8: Not 
enough storage is available to process this command), client: 24.166.74.152, server: (my 
server), request: "GET /(some directory)/.../ HTTP/1.1", host: "(my server)"

Evidently Nginx must get a negative number somehow for the length and malloc that. Only 
happens with three dots.

This might have security implications, so you should look at it.

-James







More information about the nginx mailing list