Hello - and missing verification of configuration format / very tiny mem leak in limit_req config
Martin Frb
nginx at mfriebe.de
Sat Aug 23 18:03:32 UTC 2014
Hi,
My name is Martin. I am new to this list (obvious), and new to nginx as
well.
I hope this is the right place for the feedback I have; if not, please
correct me. Well, the below may be for the bugtracker. Except: it is yet
to be confirmed as a bug, and I was unable to find a way to register. (I do
not like the concept of OpenID / one service = one login = one password.)
Here goes:
Looking through the code I came across:
src\http\modules\ngx_http_limit_req_module.c line 816
In function ngx_http_limit_req_zone
This parses the arguments to the config directive: limit_req_zone
If the line in the config has more than one entry starting with "$", then
in line 816 the previous value of cfg is lost:
    for (i = 1; i < cf->args->nelts; i++) { // line 752
        ...
        if (value[i].data[0] == '$') { // line 811
            ...
            ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_ctx_t));
Of course, normally this does not matter, since nginx will exit if the
config cannot be parsed (and thus free all memory).
Yet the below line is accepted by nginx:
limit_req_zone $nginx_version $binary_remote_addr zone=addr_foo:20m ;
In this case, reading the config, a single small block of memory is leaked.
This should probably be fixed by giving an error that this config is
malformed.
Btw, it also takes
limit_req_zone $nginx_version zone=addr_foo:20m zone=addr_foo:20m ;
Anything that has 3 parameters. Any parameter can be repeated.
Best Regards
Martin
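
The check the message asks for, as an added stand-alone example (not code from the post or from nginx): a loop shaped like the one quoted above that rejects a repeated "$" key or a repeated zone= parameter instead of silently overwriting the earlier one. The function name, the result codes and the treatment of rate= as optional are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; these names are not nginx identifiers. */
enum zone_check { ZONE_OK, ZONE_DUP_KEY, ZONE_DUP_ZONE, ZONE_DUP_RATE,
                  ZONE_NO_KEY, ZONE_NO_ZONE, ZONE_BAD_ARG };

/* The two directive lines from the message, split into arguments. */
static const char *const two_keys[]  = { "limit_req_zone", "$nginx_version",
                                         "$binary_remote_addr", "zone=addr_foo:20m" };
static const char *const two_zones[] = { "limit_req_zone", "$nginx_version",
                                         "zone=addr_foo:20m", "zone=addr_foo:20m" };
/* Constructed well-formed line for comparison. */
static const char *const well_formed[] = { "limit_req_zone", "$binary_remote_addr",
                                           "zone=addr_foo:20m", "rate=1r/s" };

/* args[0] is the directive name, so the scan starts at index 1. */
enum zone_check check_limit_req_zone(const char *const *args, size_t n)
{
    int have_key = 0, have_zone = 0, have_rate = 0;
    size_t i;

    for (i = 1; i < n; i++) {
        const char *a = args[i];
        if (strncmp(a, "zone=", 5) == 0) {
            if (have_zone) return ZONE_DUP_ZONE;
            have_zone = 1;
        } else if (strncmp(a, "rate=", 5) == 0) {
            if (have_rate) return ZONE_DUP_RATE;
            have_rate = 1;
        } else if (a[0] == '$') {
            /* A second "$" argument is the case where the earlier
               allocation would be dropped; report it instead. */
            if (have_key) return ZONE_DUP_KEY;
            have_key = 1;
        } else {
            return ZONE_BAD_ARG;
        }
    }
    if (!have_key) return ZONE_NO_KEY;
    return have_zone ? ZONE_OK : ZONE_NO_ZONE;  /* rate= optional (assumption) */
}

int main(void)
{
    printf("two keys: %d\n", check_limit_req_zone(two_keys, 4));
    printf("two zones: %d\n", check_limit_req_zone(two_zones, 4));
    printf("well formed: %d\n", check_limit_req_zone(well_formed, 4));
    return 0;
}
```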