From: Ruslan Ermilov Date: Tue, 26 Jan 2016 16:47:14 +0300 Subject: Resolver: limited CNAME recursion. Previously, the recursion was only limited for cached responses. --- src/core/ngx_resolver.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c index fde8887..f20ac17 100644 --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -1483,11 +1483,30 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, ngx_queue_insert_head(&r->name_expire_queue, &rn->queue); + ngx_resolver_free(r, rn->query); + rn->query = NULL; + ctx = rn->waiting; rn->waiting = NULL; if (ctx) { + if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) { + + /* unlock name mutex */ + + do { + ctx->state = NGX_RESOLVE_NXDOMAIN; + next = ctx->next; + + ctx->handler(ctx); + + ctx = next; + } while (ctx); + + return; + } + for (next = ctx; next; next = next->next) { next->node = NULL; } @@ -1495,9 +1514,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, (void) ngx_resolve_name_locked(r, ctx, &name); } - ngx_resolver_free(r, rn->query); - rn->query = NULL; - return; }