Opened 11 years ago

Last modified 15 months ago

#239 accepted enhancement

Support for large (> 64k) FastCGI requests

Reported by: https://stackoverflow.com/users/573152/bernard-rosset Owned by: somebody
Priority: minor Milestone:
Component: nginx-module Version:
Keywords: FastCGI, large Cc:
uname -a: Useless, but let's fill up the form :oP

Windows
nginx -V: Useless, but let's fill up the form :oP

nginx version: nginx/1.2.4
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre-8.31 --with-zlib=objs.msvc8/lib/zlib-1.2.7 --with-select_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-mail --with-openssl=objs.msvc8/lib/openssl-1.0.1c --with-openssl-opt=enable-tlsext --with-http_ssl_module --with-mail_ssl_module --with-ipv6

Description

Currently, a hardcoded limit returns a '[alert] fastcgi request record is too big:...' message on the error output when requests larger than 64k are tempted to be sent with Nginx.

The improvement would be to handle larger requests based on configuration, if possible.
Something similar to the work already done on output uffers would be nice.

The only current workaround is not to use FastCGI, ie revert to some Apache for example, which is a huge step backwards...

Change History (6)

comment:1 by Maxim Dounin, 11 years ago

Component: nginx-corenginx-module
Milestone: 1.2.51.3
Priority: majorminor
Status: newaccepted
Version: 1.2.x

The limit is due to nginx isn't yet capable of creating fastcgi requests with headers split over multiple fastcgi records (maximum record size allowed by the fastcgi protocol is 64k). Though it limits size of request headers only, request body isn't limited.

While requests with headers larger than 64k in total isn't strictly impossible (and it would be good to support them), it's highly uncommon and usually indicate some coding problem. In particular, nginx by default will return error if request headers are larger than 33k, see client_header_buffer_size and large_client_header_buffers.

Could you please elaborate a bit more on how you are getting the alert in question, i.e. is it normal in your case that request headers are that big?

comment:2 by https://stackoverflow.com/users/573152/bernard-rosset, 11 years ago

It is normal I have huge headers since I code the client that way, using GET requests to transmit data.

You are right though, that's a poor coding behavior. :oP
I'll look into transforming those requests as POST ones to transfer content from headers to body. (URI containing 33k characters :oP)

I hope using POST as a workaround will work though, the bottle neck is the fastcgi limitation, since my output buffers have already been tweaked.

comment:3 by sebunger44@…, 7 years ago

Is there any way we can get this fixed? This prevents NginX from hosting such services as mercurial.

Also wanted to point out that NginX actually CRASHES (with a double free) in this case. So that may also indicate some security implications here.

I'm on fully up-to-date Ubuntu 16.04. My NginX server config is:

server {
   listen 80;
   server_name hg.our.internal.domain;
   large_client_header_buffers 64 1k;

   location / {
      include /etc/nginx/fastcgi_params;
      fastcgi_param SCRIPT_NAME /;
      fastcgi_pass unix:/var/run/hgserve.sock;
      fastcgi_keep_conn on;
   }

   location /static/ {
      alias /home/mercurial/repos/hgadmin/web-templates/static/;
      expires 1h;
   }
}

Behind the socket runs an FCGI server started with this command line:

spawn-fcgi -d /home/mercurial -s /var/run/hgserve.sock -u hg -g hg -U www-data -G www-data -n -- /home/mercurial/repos/hgadmin/hgweb.fcgi

And finally, the FCGI executable is a small python snippet that uses the system mercurial package:

#!/usr/bin/env python
from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb
from flup.server.fcgi import WSGIServer

WSGIServer(hgweb("/home/mercurial/repos/hgadmin/hgweb.conf")).run()

The resulting log entry is:

2017/08/03 12:44:17 [alert] 3381#3381: *1 fastcgi request record is too big: 65862, client: 172.16.188.153, server: hg.terminals.taitradio.net, request: "GET /Terminals/Firmware.Unpublished/?cmd=getbundle HTTP/1.1", host: "hg2.terminals.taitradio.net"
*** Error in `nginx: worker process': double free or corruption (!prev): 0x0000561e3d895c90 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f5132f4c7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7f5132f5537a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f5132f5953c]
nginx: worker process(ngx_destroy_pool+0x127)[0x561e3bddb4c7]
nginx: worker process(+0x64d9e)[0x561e3be18d9e]
nginx: worker process(ngx_event_process_posted+0x53)[0x561e3bdf8373]
nginx: worker process(+0x4bd35)[0x561e3bdffd35]
nginx: worker process(ngx_spawn_process+0x18d)[0x561e3bdfe6dd]
nginx: worker process(+0x4bff0)[0x561e3bdffff0]
nginx: worker process(ngx_master_process_cycle+0x1bd)[0x561e3be00e2d]
nginx: worker process(main+0xa91)[0x561e3bdd8c31]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f5132ef5830]
nginx: worker process(_start+0x29)[0x561e3bdd8e19]
======= Memory map: ========
561e3bdb4000-561e3bec2000 r-xp 00000000 fc:03 158014                     /usr/sbin/nginx
561e3c0c2000-561e3c0c4000 r--p 0010e000 fc:03 158014                     /usr/sbin/nginx
561e3c0c4000-561e3c0e0000 rw-p 00110000 fc:03 158014                     /usr/sbin/nginx
561e3c0e0000-561e3c100000 rw-p 00000000 00:00 0 
561e3d863000-561e3d8e8000 rw-p 00000000 00:00 0                          [heap]
561e3d8e8000-561e3d941000 rw-p 00000000 00:00 0                          [heap]
7f5128000000-7f5128021000 rw-p 00000000 00:00 0 
7f5128021000-7f512c000000 ---p 00000000 00:00 0 
7f512df0e000-7f512df19000 r-xp 00000000 fc:03 1016                       /lib/x86_64-linux-gnu/libnss_files-2.23.so
7f512df19000-7f512e118000 ---p 0000b000 fc:03 1016                       /lib/x86_64-linux-gnu/libnss_files-2.23.so
7f512e118000-7f512e119000 r--p 0000a000 fc:03 1016                       /lib/x86_64-linux-gnu/libnss_files-2.23.so
7f512e119000-7f512e11a000 rw-p 0000b000 fc:03 1016                       /lib/x86_64-linux-gnu/libnss_files-2.23.so
7f512e11a000-7f512e120000 rw-p 00000000 00:00 0 
7f512e120000-7f512e125000 r-xp 00000000 fc:03 150338                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7f512e125000-7f512e324000 ---p 00005000 fc:03 150338                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7f512e324000-7f512e325000 r--p 00004000 fc:03 150338                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7f512e325000-7f512e326000 rw-p 00005000 fc:03 150338                     /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7f512e326000-7f512e328000 r-xp 00000000 fc:03 150336                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7f512e328000-7f512e528000 ---p 00002000 fc:03 150336                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7f512e528000-7f512e529000 r--p 00002000 fc:03 150336                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7f512e529000-7f512e52a000 rw-p 00003000 fc:03 150336                     /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7f512e52a000-7f512e54b000 r-xp 00000000 fc:03 150340                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7f512e54b000-7f512e74a000 ---p 00021000 fc:03 150340                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7f512e74a000-7f512e74b000 r--p 00020000 fc:03 150340                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7f512e74b000-7f512e74c000 rw-p 00021000 fc:03 150340                     /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7f512e74c000-7f512e757000 r-xp 00000000 fc:03 135320                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7f512e757000-7f512e956000 ---p 0000b000 fc:03 135320                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7f512e956000-7f512e957000 r--p 0000a000 fc:03 135320                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7f512e957000-7f512e95a000 rw-p 0000b000 fc:03 135320                     /usr/lib/x86_64-linux-gnu/libjbig.so.0
7f512e95a000-7f512ea8f000 r-xp 00000000 fc:03 150345                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7f512ea8f000-7f512ec8f000 ---p 00135000 fc:03 150345                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7f512ec8f000-7f512ec90000 r--p 00135000 fc:03 150345                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7f512ec90000-7f512ec94000 rw-p 00136000 fc:03 150345                     /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7f512ec94000-7f512ecba000 r-xp 00000000 fc:03 186                        /lib/x86_64-linux-gnu/libexpat.so.1.6.0
7f512ecba000-7f512eeba000 ---p 00026000 fc:03 186                        /lib/x86_64-linux-gnu/libexpat.so.1.6.0
7f512eeba000-7f512eebc000 r--p 00026000 fc:03 186                        /lib/x86_64-linux-gnu/libexpat.so.1.6.0
7f512eebc000-7f512eebd000 rw-p 00028000 fc:03 186                        /lib/x86_64-linux-gnu/libexpat.so.1.6.0
7f512eebd000-7f512eecf000 r-xp 00000000 fc:03 262                        /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f512eecf000-7f512f0cf000 ---p 00012000 fc:03 262                        /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f512f0cf000-7f512f0d0000 r--p 00012000 fc:03 262                        /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f512f0d0000-7f512f0d1000 rw-p 00013000 fc:03 262                        /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f512f0d1000-7f512f0e7000 r-xp 00000000 fc:03 259                        /lib/x86_64-linux-gnu/libgcc_s.so.1
7f512f0e7000-7f512f2e6000 ---p 00016000 fc:03 259                        /lib/x86_64-linux-gnu/libgcc_s.so.1
7f512f2e6000-7f512f2e7000 rw-p 00015000 fc:03 259                        /lib/x86_64-linux-gnu/libgcc_s.so.1
7f512f2e7000-7f512f459000 r-xp 00000000 fc:03 138660                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f512f459000-7f512f659000 ---p 00172000 fc:03 138660                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f512f659000-7f512f663000 r--p 00172000 fc:03 138660                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f512f663000-7f512f665000 rw-p 0017c000 fc:03 138660                     /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f512f665000-7f512f669000 rw-p 00000000 00:00 0 
7f512f669000-7f5130f1f000 r-xp 00000000 fc:03 148259                     /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7f5130f1f000-7f513111e000 ---p 018b6000 fc:03 148259                     /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7f513111e000-7f513111f000 r--p 018b5000 fc:03 148259                     /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7f513111f000-7f5131120000 rw-p 018b6000 fc:03 148259                     /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7f5131120000-7f5131190000 r-xp 00000000 fc:03 157461                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
7f5131190000-7f5131390000 ---p 00070000 fc:03 157461                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
7f5131390000-7f5131391000 r--p 00070000 fc:03 157461                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
7f5131391000-7f5131394000 rw-p 00071000 fc:03 157461                     /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
7f5131394000-7f51315b3000 r-xp 00000000 fc:03 157472                     /usr/lib/x86_64-linux-gnu/libvpx.so.3.0.0
7f51315b3000-7f51317b2000 ---p 0021f000 fc:03 157472                     /usr/lib/x86_64-linux-gnu/libvpx.so.3.0.0
7f51317b2000-7f51317b4000 r--p 0021e000 fc:03 157472                     /usr/lib/x86_64-linux-gnu/libvpx.so.3.0.0
7f51317b4000-7f51317b5000 rw-p 00220000 fc:03 157472                     /usr/lib/x86_64-linux-gnu/libvpx.so.3.0.0
7f51317b5000-7f51317b8000 rw-p 00000000 00:00 0 
7f51317b8000-7f51317c8000 r-xp 00000000 fc:03 157478                     /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7f51317c8000-7f51319c8000 ---p 00010000 fc:03 157478                     /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7f51319c8000-7f51319c9000 r--p 00010000 fc:03 157478                     /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7f51319c9000-7f51319ca000 rw-p 00011000 fc:03 157478                     /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0
7f51319ca000-7f5131a07000 r-xp 00000000 fc:03 157451                     /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0
7f5131a07000-7f5131c06000 ---p 0003d000 fc:03 157451                     /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0
7f5131c06000-7f5131c08000 r--p 0003c000 fc:03 157451                     /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0
7f5131c08000-7f5131c0d000 rw-p 0003e000 fc:03 157451                     /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0
7f5131c0d000-7f5131cb1000 r-xp 00000000 fc:03 157441                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.12.1
7f5131cb1000-7f5131eb0000 ---p 000a4000 fc:03 157441                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.12.1
7f5131eb0000-7f5131eb6000 r--p 000a3000 fc:03 157441                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.12.1
7f5131eb6000-7f5131eb7000 rw-p 000a9000 fc:03 157441                     /usr/lib/x86_64-linux-gnu/libfreetype.so.6.12.1
7f5131eb7000-7f5131edb000 r-xp 00000000 fc:03 924                        /lib/x86_64-linux-gnu/libpng12.so.0.54.0
7f5131edb000-7f51320da000 ---p 00024000 fc:03 924                        /lib/x86_64-linux-gnu/libpng12.so.0.54.0
7f51320da000-7f51320db000 r--p 00023000 fc:03 924                        /lib/x86_64-linux-gnu/libpng12.so.0.54.0
7f51320db000-7f51320dc000 rw-p 00024000 fc:03 924                        /lib/x86_64-linux-gnu/libpng12.so.0.54.0
7f51320dc000-7f5132133000 r-xp 00000000 fc:03 135299                     /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
7f5132133000-7f5132333000 ---p 00057000 fc:03 135299                     /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
7f5132333000-7f5132334000 r--p 00057000 fc:03 135299                     /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
7f5132334000-7f5132335000 rw-p 00058000 fc:03 135299                     /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
7f5132335000-7f513240d000 r-xp 00000000 fc:03 260                        /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5
7f513240d000-7f513260c000 ---p 000d8000 fc:03 260                        /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5
7f513260c000-7f513260d000 r--p 000d7000 fc:03 260                        /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5
7f513260d000-7f5132615000 rw-p 000d8000 fc:03 260                        /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5
7f5132615000-7f5132616000 rw-p 00000000 00:00 0 
7f5132616000-7f513271e000 r-xp 00000000 fc:03 1030                       /lib/x86_64-linux-gnu/libm-2.23.so
7f513271e000-7f513291d000 ---p 00108000 fc:03 1030                       /lib/x86_64-linux-gnu/libm-2.23.so
7f513291d000-7f513291e000 r--p 00107000 fc:03 1030                       /lib/x86_64-linux-gnu/libm-2.23.so
7f513291e000-7f513291f000 rw-p 00108000 fc:03 1030                       /lib/x86_64-linux-gnu/libm-2.23.so
7f513291f000-7f5132940000 r-xp 00000000 fc:03 266                        /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f5132940000-7f5132b3f000 ---p 00021000 fc:03 266                        /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f5132b3f000-7f5132b40000 r--p 00020000 fc:03 266                        /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f5132b40000-7f5132b41000 rw-p 00021000 fc:03 266                        /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7f5132b41000-7f5132cc0000 r-xp 00000000 fc:03 148261                     /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7f5132cc0000-7f5132ec0000 ---p 0017f000 fc:03 148261                     /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7f5132ec0000-7f5132ed0000 r--p 0017f000 fc:03 148261                     /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7f5132ed0000-7f5132ed1000 rw-p 0018f000 fc:03 148261                     /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7f5132ed1000-7f5132ed5000 rw-p 00000000 00:00 0 
7f5132ed5000-7f5133095000 r-xp 00000000 fc:03 1035                       /lib/x86_64-linux-gnu/libc-2.23.so
7f5133095000-7f5133295000 ---p 001c0000 fc:03 1035                       /lib/x86_64-linux-gnu/libc-2.23.so
7f5133295000-7f5133299000 r--p 001c0000 fc:03 1035                       /lib/x86_64-linux-gnu/libc-2.23.so
7f5133299000-7f513329b000 rw-p 001c4000 fc:03 1035                       /lib/x86_64-linux-gnu/libc-2.23.so
7f513329b000-7f513329f000 rw-p 00000000 00:00 0 
7f513329f000-7f51332ce000 r-xp 00000000 fc:03 152250                     /usr/lib/x86_64-linux-gnu/libGeoIP.so.1.6.9
7f51332ce000-7f51334cd000 ---p 0002f000 fc:03 152250                     /usr/lib/x86_64-linux-gnu/libGeoIP.so.1.6.9
7f51334cd000-7f51334ce000 r--p 0002e000 fc:03 152250                     /usr/lib/x86_64-linux-gnu/libGeoIP.so.1.6.9
7f51334ce000-7f51334d0000 rw-p 0002f000 fc:03 152250                     /usr/lib/x86_64-linux-gnu/libGeoIP.so.1.6.9
7f51334d0000-7f5133513000 r-xp 00000000 fc:03 157484                     /usr/lib/x86_64-linux-gnu/libgd.so.3.0.0
7f5133513000-7f5133712000 ---p 00043000 fc:03 157484                     /usr/lib/x86_64-linux-gnu/libgd.so.3.0.0
7f5133712000-7f5133718000 r--p 00042000 fc:03 157484                     /usr/lib/x86_64-linux-gnu/libgd.so.3.0.0
7f5133718000-7f5133737000 rw-p 00048000 fc:03 157484                     /usr/lib/x86_64-linux-gnu/libgd.so.3.0.0
7f5133737000-7f513373c000 rw-p 00000000 00:00 0 
7f513373c000-7f5133750000 r-xp 00000000 fc:03 157525                     /usr/lib/x86_64-linux-gnu/libexslt.so.0.8.17
7f5133750000-7f513394f000 ---p 00014000 fc:03 157525                     /usr/lib/x86_64-linux-gnu/libexslt.so.0.8.17
7f513394f000-7f5133950000 r--p 00013000 fc:03 157525                     /usr/lib/x86_64-linux-gnu/libexslt.so.0.8.17
7f5133950000-7f5133951000 rw-p 00014000 fc:03 157525                     /usr/lib/x86_64-linux-gnu/libexslt.so.0.8.17
7f5133951000-7f513398c000 r-xp 00000000 fc:03 157524                     /usr/lib/x86_64-linux-gnu/libxslt.so.1.1.28
7f513398c000-7f5133b8c000 ---p 0003b000 fc:03 157524                     /usr/lib/x86_64-linux-gnu/libxslt.so.1.1.28
7f5133b8c000-7f5133b8d000 r--p 0003b000 fc:03 157524                     /usr/lib/x86_64-linux-gnu/libxslt.so.1.1.28
7f5133b8d000-7f5133b8e000 rw-p 0003c000 fc:03 157524                     /usr/lib/x86_64-linux-gnu/libxslt.so.1.1.28
7f5133b8e000-7f5133d3f000 r-xp 00000000 fc:03 148274                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7f5133d3f000-7f5133f3e000 ---p 001b1000 fc:03 148274                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7f5133f3e000-7f5133f46000 r--p 001b0000 fc:03 148274                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7f5133f46000-7f5133f48000 rw-p 001b8000 fc:03 148274                     /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7f5133f48000-7f5133f49000 rw-p 00000000 00:00 0 
7f5133f49000-7f5133f62000 r-xp 00000000 fc:03 596                        /lib/x86_64-linux-gnu/libz.so.1.2.8
7f5133f62000-7f5134161000 ---p 00019000 fc:03 596                        /lib/x86_64-linux-gnu/libz.so.1.2.8
7f5134161000-7f5134162000 r--p 00018000 fc:03 596                        /lib/x86_64-linux-gnu/libz.so.1.2.8
7f5134162000-7f5134163000 rw-p 00019000 fc:03 596                        /lib/x86_64-linux-gnu/libz.so.1.2.8
7f5134163000-7f513437d000 r-xp 00000000 fc:03 432                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f513437d000-7f513457c000 ---p 0021a000 fc:03 432                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f513457c000-7f5134598000 r--p 00219000 fc:03 432                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f5134598000-7f51345a4000 rw-p 00235000 fc:03 432                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f51345a4000-7f51345a7000 rw-p 00000000 00:00 0 
7f51345a7000-7f5134605000 r-xp 00000000 fc:03 433                        /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f5134605000-7f5134805000 ---p 0005e000 fc:03 433                        /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f5134805000-7f5134809000 r--p 0005e000 fc:03 433                        /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f5134809000-7f5134810000 rw-p 00062000 fc:03 433                        /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f5134810000-7f513487e000 r-xp 00000000 fc:03 303                        /lib/x86_64-linux-gnu/libpcre.so.3.13.2
7f513487e000-7f5134a7e000 ---p 0006e000 fc:03 303                        /lib/x86_64-linux-gnu/libpcre.so.3.13.2
7f5134a7e000-7f5134a7f000 r--p 0006e000 fc:03 303                        /lib/x86_64-linux-gnu/libpcre.so.3.13.2
7f5134a7f000-7f5134a80000 rw-p 0006f000 fc:03 303                        /lib/x86_64-linux-gnu/libpcre.so.3.13.2
7f5134a80000-7f5134a89000 r-xp 00000000 fc:03 1017                       /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f5134a89000-7f5134c88000 ---p 00009000 fc:03 1017                       /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f5134c88000-7f5134c89000 r--p 00008000 fc:03 1017                       /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f5134c89000-7f5134c8a000 rw-p 00009000 fc:03 1017                       /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f5134c8a000-7f5134cb8000 rw-p 00000000 00:00 0 
7f5134cb8000-7f5134cd0000 r-xp 00000000 fc:03 1018                       /lib/x86_64-linux-gnu/libpthread-2.23.so
7f5134cd0000-7f5134ecf000 ---p 00018000 fc:03 1018                       /lib/x86_64-linux-gnu/libpthread-2.23.so
7f5134ecf000-7f5134ed0000 r--p 00017000 fc:03 1018                       /lib/x86_64-linux-gnu/libpthread-2.23.so
7f5134ed0000-7f5134ed1000 rw-p 00018000 fc:03 1018                       /lib/x86_64-linux-gnu/libpthread-2.23.so
7f5134ed1000-7f5134ed5000 rw-p 00000000 00:00 0 
7f5134ed5000-7f5134ed8000 r-xp 00000000 fc:03 1024                       /lib/x86_64-linux-gnu/libdl-2.23.so
7f5134ed8000-7f51350d7000 ---p 00003000 fc:03 1024                       /lib/x86_64-linux-gnu/libdl-2.23.so
7f51350d7000-7f51350d8000 r--p 00002000 fc:03 1024                       /lib/x86_64-linux-gnu/libdl-2.23.so
7f51350d8000-7f51350d9000 rw-p 00003000 fc:03 1024                       /lib/x86_64-linux-gnu/libdl-2.23.so
7f51350d9000-7f51350ff000 r-xp 00000000 fc:03 1013                       /lib/x86_64-linux-gnu/ld-2.23.so
7f51352e3000-7f51352f5000 rw-p 00000000 00:00 0 
7f51352fa000-7f51352fb000 rw-p 00000000 00:00 0 
7f51352fb000-7f51352fc000 rw-s 00000000 00:05 27833                      /dev/zero (deleted)
7f51352fc000-7f51352fe000 rw-p 00000000 00:00 0 
7f51352fe000-7f51352ff000 r--p 00025000 fc:03 1013                       /lib/x86_64-linux-gnu/ld-2.23.so
7f51352ff000-7f5135300000 rw-p 00026000 fc:03 1013                       /lib/x86_64-linux-gnu/ld-2.23.so
7f5135300000-7f5135301000 rw-p 00000000 00:00 0 
7ffd98eab000-7ffd98ecc000 rw-p 00000000 00:00 0                          [stack]
7ffd98fee000-7ffd98ff0000 r--p 00000000 00:00 0                          [vvar]
7ffd98ff0000-7ffd98ff2000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
2017/08/03 12:44:17 [alert] 3380#3380: worker process 3381 exited on signal 6 (core dumped)

comment:4 by Maxim Dounin, 7 years ago

sensitive: 0

Please prove "nginx -V" output and debug log.

comment:5 by Ankush-Goyal@…, 15 months ago

I am facing the same issue. Hard coded checking on the size of header is creating alot of issue.
Scenario:

1) Due to backend implementation(or bug) a set of cookie gets added every time.
As the limit (65535) of header gets crossed, nginx throws error every time request comes from the same client. It becomes tedious to fix such a scenario from client end.

Making it configurable would give developer space to atleast fix on issues. The fact that size of cookie should not be that large is totally agreed but keeping 65535 as default would give user the flexibility to use with caution.

nginx -v -> nginx/1.20.1

tested on centOS as well as MAC.

in reply to:  5 comment:6 by Maxim Dounin, 15 months ago

Replying to Ankush-Goyal@…:

I am facing the same issue. Hard coded checking on the size of header is creating alot of issue.

It's not about hardcoding, it's about the FastCGI protocol record size limitation. Teaching nginx to split request headers over multiple FastCGI records is possible, though requires some non-trivial changes. Don't hesitate to submit patches if you think it's important.

Scenario:

1) Due to backend implementation(or bug) a set of cookie gets added every time.
As the limit (65535) of header gets crossed, nginx throws error every time request comes from the same client. It becomes tedious to fix such a scenario from client end.

Making it configurable would give developer space to atleast fix on issues. The fact that size of cookie should not be that large is totally agreed but keeping 65535 as default would give user the flexibility to use with caution.

Note that by default nginx will reject requests larger than 33k, see comment:1.

Note: See TracTickets for help on using tickets.