File: 0008-Resolver-limited-CNAME-recursion.patch

package info (click to toggle)
nginx 1.6.2-5+deb8u1~bpo70+1
  • links: PTS, VCS
  • area: main
  • in suites: wheezy-backports
  • size: 13,340 kB
  • sloc: ansic: 144,236; perl: 7,373; sh: 1,325; ruby: 789; makefile: 137; asm: 48; awk: 36; cpp: 18
file content (60 lines) | stat: -rw-r--r-- 1,659 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
From: Ruslan Ermilov <ru@nginx.com>
Date: Tue, 26 Jan 2016 16:47:14 +0300
Subject: Resolver: limited CNAME recursion.

Previously, the recursion was only limited for cached responses.
---
 src/core/ngx_resolver.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 2bd754c..25d643d 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1976,11 +1976,33 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
 
         ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
 
+        ngx_resolver_free(r, rn->query);
+        rn->query = NULL;
+#if (NGX_HAVE_INET6)
+        rn->query6 = NULL;
+#endif
+
         ctx = rn->waiting;
         rn->waiting = NULL;
 
         if (ctx) {
 
+            if (ctx->recursion++ >= NGX_RESOLVER_MAX_RECURSION) {
+
+                /* unlock name mutex */
+
+                do {
+                    ctx->state = NGX_RESOLVE_NXDOMAIN;
+                    next = ctx->next;
+
+                    ctx->handler(ctx);
+
+                    ctx = next;
+                } while (ctx);
+
+                return;
+            }
+
             for (next = ctx; next; next = next->next) {
                 next->node = NULL;
             }
@@ -1988,12 +2010,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
             (void) ngx_resolve_name_locked(r, ctx, &name);
         }
 
-        ngx_resolver_free(r, rn->query);
-        rn->query = NULL;
-#if (NGX_HAVE_INET6)
-        rn->query6 = NULL;
-#endif
-
         /* unlock name mutex */
 
         return;