Opened 6 years ago
Closed 6 years ago
#1679 closed defect (invalid)
Possible infinite loop in function ngx_cache_manager_process_cycle and ngx_cache_loader_process_handler in src/os/unix/ngx_process_cycle.c
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.15.x |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: | None |
Description
Hi,
There are two possible infinite loop vulnerabilities in function ngx_cache_manager_process_cycle and ngx_cache_loader_process_handler in src/os/unix/ngx_process_cycle.c. And, I am not so sure about the issue.
We take function ngx_cache_loader_process_handler as an example.
1206 static void 1207 ngx_cache_loader_process_handler(ngx_event_t *ev) 1208 { 1209 ngx_uint_t i; 1210 ngx_path_t **path; 1211 ngx_cycle_t *cycle; 1212 1213 cycle = (ngx_cycle_t *) ngx_cycle; 1214 1215 path = cycle->paths.elts; 1216 for (i = 0; i < cycle->paths.nelts; i++) { 1217 1218 if (ngx_terminate || ngx_quit) { 1219 break; 1220 } 1221 1222 if (path[i]->loader) { 1223 path[i]->loader(path[i]->data); 1224 ngx_time_update(); 1225 } 1226 } 1227 1228 exit(0); 1229 }
The "ngx_quit" may be reset in function ngx_worker_process_cycle. So, make sure to test ngx_exiting as well.
This issue is very similar to an issue that was fixed in https://trac.nginx.org/nginx/browser/nginx/src/os/win32/ngx_process_cycle.c?rev=b74f1106f920fe9e447c710e57a5ccdeae46d8e3.
The similar issue is https://trac.nginx.org/nginx/ticket/514.
Note:
See TracTickets
for help on using tickets.
The ngx_worker_process_cycle() function is not used in cache loader and cache manager processes, and cannot reset
ngx_quit
. The issue in #514 is win32-specific and happens due to the fact that cache loader and cache manager are threads on win32, not real processes.