Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)?
agentzh
agentzh at gmail.com
Sun Jan 1 14:20:59 UTC 2012
On Sun, Jan 1, 2012 at 1:58 PM, Justin Hart <onyxraven at gmail.com> wrote:
> Thank you for the confirmation - I read through the parts of code in
> question but wanted to get a second opinion.
>
> How about the lua and/or the perl modules? It looks as if they are
> using the nginx functions?
>
The current released versions of ngx_lua do have this vulnerability
in its ngx.req.get_uri_args() and ngx.req.get_post_args() functions.
I've already worked out a patch for these two functions in ngx_lua's
git max-args branch here:
https://github.com/chaoslawful/lua-nginx-module/commit/75876
With this patch, both of these functions will only parse 100 query
args at most. And one can specify a custom maximum number of args
parsed with an optional function argument (defaulting to 100) and
enforce unlimited parsing by specifying zero.
This patch (as well as this branch) will be merged into the master
branch on 3 Jan.
Best,
-agentzh
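The cap described in the reply above, written out as an added example that is not ngx_lua's code and not part of the original thread: a query-string parser that examines at most `max_args` arguments (default 100, 0 meaning unlimited), so a request carrying thousands of keys cannot drive the hash-table work beyond a fixed bound. The result shape (repeated keys collected into a list, a bare key mapped to `True`) and the `+`-as-space decoding are this example's own assumptions, not taken from the module.

```python
from urllib.parse import unquote_plus

DEFAULT_MAX_ARGS = 100  # default cap described in the post


def parse_query_args(query, max_args=DEFAULT_MAX_ARGS):
    """Parse a raw query string into a dict of decoded arguments.

    At most max_args '&'-separated segments are examined; max_args == 0
    means unlimited, matching the cap semantics described in the post.
    Bounding the count bounds the attacker-controlled work that a set
    of colliding keys can force on the hash table behind the dict.
    Table shape is assumed (not taken from ngx_lua's source): repeated
    keys collect into a list, a bare key maps to True.
    """
    args = {}
    if not query:
        return args
    seen = 0
    for segment in query.split("&"):
        if max_args and seen >= max_args:
            break  # cap reached: the rest of the input is ignored
        seen += 1  # every segment counts, so the loop is bounded
        if not segment:
            continue
        key, sep, value = segment.partition("=")
        key = unquote_plus(key)
        decoded = unquote_plus(value) if sep else True
        if key in args:
            existing = args[key]
            if isinstance(existing, list):
                existing.append(decoded)
            else:
                args[key] = [existing, decoded]
        else:
            args[key] = decoded
    return args


def many_distinct_args(n):
    """Constructed input: a query string with n distinct keys (k0=v ...)."""
    return "&".join("k%d=v" % i for i in range(n))


if __name__ == "__main__":
    # Constructed request with 10000 args: only 100 are parsed by default.
    big = many_distinct_args(10000)
    print(len(parse_query_args(big)))      # 100
    print(len(parse_query_args(big, 25)))  # 25
    print(len(parse_query_args(big, 0)))   # 10000
```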