The potential bug incurred by "one_addr".
Maxim Dounin
mdounin at mdounin.ru
Thu Dec 16 16:26:42 MSK 2010
Hello!
On Thu, Dec 16, 2010 at 03:36:15AM -0500, speedfirst wrote:
> In ngx_inet.c, there is a code piece of function
> "ngx_inet_resolve_host". If I set u->one_addr to 1, but unfortunately
> this hostname map to multiple IP addresses, such as
> [code]
> 10.37.4.92 myhost
> 127.0.0.1 myhost
> [/code]
> in /etc/hosts.
>
> h->h_addr_list will be 2 entries before NULL. Each of them will be
> converted to human readable format and assigned to u->addrs[ i ].
> However, when one_addr is set, [b]u->addrs will be allocated ONLY ONE
> ngx_addr_t mem.[/b] In this way, a mem crash is inevitable.
Thank you for your report. This bug had appeared in 0.5.0 (where
u->one_addr flag was introduced) and affects auth_http in mail
module (the only place currently use it in nginx).
Attached patch fixes it.
Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1292505861 -10800
# Node ID e68041df72b078e52a68a9743d5c8ce1617e9695
# Parent b4fd734aa6be654a9555c8b9ae5e108b233cfe37
Fix u->one_addr handling in ngx_inet_resolve_host().
See report here:
http://nginx.org/pipermail/nginx/2010-December/024229.html
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -943,7 +943,7 @@ ngx_inet_resolve_host(ngx_pool_t *pool,
u->naddrs = i;
- for (i = 0; h->h_addr_list[i] != NULL; i++) {
+ for (i = 0; i < u->naddrs; i++) {
sin = ngx_pcalloc(pool, sizeof(struct sockaddr_in));
if (sin == NULL) {
More information about the nginx
mailing list