Mercurial > hg > nginx
view auto/summary @ 7060:1adc6b0d5eaa stable-1.12
Range filter: protect from total size overflows.
The overflow can be used to circumvent the restriction on total size of
ranges introduced in c2a91088b0c0 (1.1.2). Additionally, overflow
allows producing ranges with negative start (such ranges can be created
by using a suffix, "bytes=-100"; normally this results in 200 due to
the total size check). These can result in the following errors in logs:
[crit] ... pread() ... failed (22: Invalid argument)
[alert] ... sendfile() failed (22: Invalid argument)
When using cache, it can be also used to reveal cache file header.
It is believed that there are no other negative effects, at least with
standard nginx modules.
In theory, this can also result in memory disclosure and/or segmentation
faults if multiple ranges are allowed, and the response is returned in a
single in-memory buffer. This never happens with standard nginx modules
though, as well as known 3rd party modules.
Fix is to properly protect from possible overflow when incrementing size.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 11 Jul 2017 16:06:23 +0300 |
parents | 9eefb38f0005 |
children | 0b5f12d5c531 |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. echo echo "Configuration summary" if [ $USE_THREADS = YES ]; then echo " + using threads" fi if [ $USE_PCRE = DISABLED ]; then echo " + PCRE library is disabled" else case $PCRE in YES) echo " + using system PCRE library" ;; NONE) echo " + PCRE library is not used" ;; *) echo " + using PCRE library: $PCRE" ;; esac fi case $OPENSSL in YES) echo " + using system OpenSSL library" ;; NONE) echo " + OpenSSL library is not used" ;; *) echo " + using OpenSSL library: $OPENSSL" ;; esac case $ZLIB in YES) echo " + using system zlib library" ;; NONE) echo " + zlib library is not used" ;; *) echo " + using zlib library: $ZLIB" ;; esac case $NGX_LIBATOMIC in YES) echo " + using system libatomic_ops library" ;; NO) ;; # not used *) echo " + using libatomic_ops library: $NGX_LIBATOMIC" ;; esac echo cat << END nginx path prefix: "$NGX_PREFIX" nginx binary file: "$NGX_SBIN_PATH" nginx modules path: "$NGX_MODULES_PATH" nginx configuration prefix: "$NGX_CONF_PREFIX" nginx configuration file: "$NGX_CONF_PATH" nginx pid file: "$NGX_PID_PATH" END if test -n "$NGX_ERROR_LOG_PATH"; then echo " nginx error log file: \"$NGX_ERROR_LOG_PATH\"" else echo " nginx logs errors to stderr" fi cat << END nginx http access log file: "$NGX_HTTP_LOG_PATH" nginx http client request body temporary files: "$NGX_HTTP_CLIENT_TEMP_PATH" END if [ $HTTP_PROXY = YES ]; then echo " nginx http proxy temporary files: \"$NGX_HTTP_PROXY_TEMP_PATH\"" fi if [ $HTTP_FASTCGI = YES ]; then echo " nginx http fastcgi temporary files: \"$NGX_HTTP_FASTCGI_TEMP_PATH\"" fi if [ $HTTP_UWSGI = YES ]; then echo " nginx http uwsgi temporary files: \"$NGX_HTTP_UWSGI_TEMP_PATH\"" fi if [ $HTTP_SCGI = YES ]; then echo " nginx http scgi temporary files: \"$NGX_HTTP_SCGI_TEMP_PATH\"" fi echo "$NGX_POST_CONF_MSG"