Hello - and missing verification of configuration format / very tiny mem leak in limit_req config

Martin Frb nginx at mfriebe.de
Sat Aug 23 18:03:32 UTC 2014


Hi,

My name is Martin. I am new to this list (obvious), and new to nginx as 
well.
I hope this is the right place for the feedback I have, if not please 
correct me. Well the below may be for the bugtracker. Except: It is yet 
to be confirmed as bug, I was unable to find a way to register. (I do 
not like the concept of open id / one service = one login = one password)

Here goes:

Looking through the code I came across:
src\http\modules\ngx_http_limit_req_module.c  line 816
In function ngx_http_limit_req_zone

This parses the arguments to the config directive:   limit_req_zone

If the line in the config has more than one entry starting with "$" then 
in line  816 the previous value of cfg is lost
     for (i = 1; i < cf->args->nelts; i++) {  // line 752
...
         if (value[i].data[0] == '$') {  // line 811
...
             ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_ctx_t));

Of course normally this does not matter, since nginx will exit if the 
config cannot be parsed (and thus free all memory)

Yet the below line is accepted by nginx.
   limit_req_zone  $nginx_version  $binary_remote_addr zone=addr_foo:20m  ;

In this case, reading the config, a single small block of memory is leaked.

This should probably be fixed by giving an error that this config is 
malformed.

Btw, it also takes
   limit_req_zone  $nginx_version   zone=addr_foo:20m zone=addr_foo:20m  ;

Anything, that has 3 parameters.  Any parameter can be repeated.


Best Regards
Martin



More information about the nginx mailing list