Opened 7 years ago

Closed 7 years ago

#51 closed defect (fixed)

nginx cache file md5 collision

Reported by: www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac Owned by: somebody
Priority: critical Milestone:
Component: nginx-core Version: 1.0.x
Keywords: Cc:
uname -a: Linux www 2.6.18-274.7.1.el5 #1 SMP Thu Oct 20 16:21:01 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx: nginx version: nginx/1.0.9 nginx: configure arguments: --with-http_stub_status_module --prefix=/home2/nginx --with-debug

Description

The url :
http://www.ads119.com/player/nanrenbang/nanrenbang-38212-93019-1234567890-8.html
and
http://www.ads119.com/player/nanrenbang/nanrenbang-38212-93019-1234567890-4.html

have the same cache file.

In the debug error log:

2011/11/10 13:10:06 [crit] 4475#0: *73 cache file "/home2/cache2/2/9c/439320ddec62f770fbc2eaca73c659c2" has md5 collision, client: 116.226.65.23, server: www.ads119.com, request: "GET /player/nanrenbang/nanrenbang-38212-93019-1234567890-8.html HTTP/1.1", host: "www.ads119.com:8080"

[root@www logs]# head -n 2 /home2/cache2/2/9c/439320ddec62f770fbc2eaca73c659c2 | tail -n 1
KEY: http://www.ads119.com/player/nanrenbang/nanrenbang-38212-93019-1234567890-8.html
[root@www logs]# head -n 1 /home2/cache2/2/9c/439320ddec62f770fbc2eaca73c659c2 | hexdump
0000000 86df 4ebb 0000 0000 3fca 4eba 0000 0000
0000010 5caf 4ebb 0000 0000 7226 0786 0000 007f
0000020 015b 5820 5448 4c4d 000a
0000029

[root@www logs]# head -n 2 /home2/cache2/2/9c/439320ddec62f770fbc2eaca73c659c2 | tail -n 1
KEY: http://www.ads119.com/player/nanrenbang/nanrenbang-38212-93019-1234567890-4.html
[root@www logs]# head -n 1 /home2/cache2/2/9c/439320ddec62f770fbc2eaca73c659c2 | hexdump
0000000 8813 4ebb 0000 0000 3fca 4eba 0000 0000
0000010 5de3 4ebb 0000 0000 b25d 7044 0000 007f
0000020 015b 5820 5448 4c4d 000a
0000029

[root@www logs]# cat /etc/redhat-release
CentOS release 5.7 (Final)

Attachments (6)

nginx.conf (2.6 KB) - added by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac 7 years ago.
nginx.conf
nginx.2.conf (2.6 KB) - added by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac 7 years ago.
nginx.conf
debug_http_log.rar (11.1 KB) - added by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac 7 years ago.
debug_error_log_http_1.0.8.zip (12.7 KB) - added by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac 7 years ago.
debug_http log nginx 1.0.8
configure_output_1.0.9 (4.1 KB) - added by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac 7 years ago.
./configure ouput of 1.0.9
error.log_1.0.9.tar.gz (45.0 KB) - added by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac 7 years ago.
global debug error log of 1.0.9

Download all attachments as: .zip

Change History (13)

Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

nginx.conf

Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

nginx.conf

Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

comment:1 Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

The nginx server's IP is[ 61.74.61.23 ] and nginx proxy is listen on port 8080.

For testing I have to set
61.74.61.23 www.ads119.com
in C:\WINDOWS\system32\drivers\etc\hosts in the IE browser client machine.

so in my IE broswer, the url is http://www.ads119.com:8080/player/nanrenbang/nanrenbang-38212-93019-1234567890-4.html, which will be proxy by nginx .

The real web server's IP is 203.156.254.86 and web server listen on port 80.

Hope it is not Confusing.

comment:2 Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

Default key's format is $scheme$proxy_host$request_uri;

If I change the KEY's format to :
proxy_cache_key $proxy_host$request_uri;

removing $schema, everything will be ok.

comment:3 Changed 7 years ago by is

  • Status changed from new to accepted

Could you reproduce it on earlier versions: 1.0.8, 1.0.6, and 1.0.5 ?

comment:4 Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

reproduced on 1.0.8 in the same server.

[root@www logs]# /home2/nginx/sbin/nginx -V
nginx: nginx version: nginx/1.0.8
nginx: configure arguments: --with-http_stub_status_module --prefix=/home2/nginx --with-debug

Last edited 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac (previous) (diff)

Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

debug_http log nginx 1.0.8

comment:5 Changed 7 years ago by is

Could you show ./configure output of nginx-1.0.9 building ?

Also for future debug logs please use global

error_log logs/error.log debug;

but not

error_log logs/ttttt debug_http;

inside server, since the latter has only part of debug information.

Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

./configure ouput of 1.0.9

Changed 7 years ago by www.google.com/accounts/o8/id?id=AItOawkan2535CCufUE3eUGl9YfITdNzBkpD8ac

global debug error log of 1.0.9

comment:6 Changed 7 years ago by mdounin

Please try the following patch:

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1321239366 -10800
# Node ID 9fec077b7095eca2ed5a37305add0e0a7e1b63c6
# Parent  8113a90f235f14fbe9613ab775d6df504a458cb3
Backout incorrect change in internal md5 in r3928.

diff --git a/src/core/ngx_md5.c b/src/core/ngx_md5.c
--- a/src/core/ngx_md5.c
+++ b/src/core/ngx_md5.c
@@ -47,7 +47,8 @@ ngx_md5_update(ngx_md5_t *ctx, const voi
             return;
         }
 
-        data = ngx_cpymem(&ctx->buffer[used], data, free);
+        ngx_memcpy(&ctx->buffer[used], data, free);
+        data = (u_char *)data + free;
         size -= free;
         (void) ngx_md5_body(ctx, ctx->buffer, 64);
     }

It should fix this.

comment:7 Changed 7 years ago by mdounin

  • Resolution set to fixed
  • Status changed from accepted to closed

Committed as r4280.

Note: See TracTickets for help on using tickets.