Opened 6 years ago
Closed 6 years ago
#1679 closed defect (invalid)
Possible infinite loop in function ngx_cache_manager_process_cycle and ngx_cache_loader_process_handler in src/os/unix/ngx_process_cycle.c
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.15.x |
| Keywords: | Cc: | ||
| uname -a: | |||
| nginx -V: | None | ||
Description
Hi,
There are two possible infinite loop vulnerabilities in function ngx_cache_manager_process_cycle and ngx_cache_loader_process_handler in src/os/unix/ngx_process_cycle.c. And, I am not so sure about the issue.
We take function ngx_cache_loader_process_handler as an example.
1206 static void
1207 ngx_cache_loader_process_handler(ngx_event_t *ev)
1208 {
1209 ngx_uint_t i;
1210 ngx_path_t **path;
1211 ngx_cycle_t *cycle;
1212
1213 cycle = (ngx_cycle_t *) ngx_cycle;
1214
1215 path = cycle->paths.elts;
1216 for (i = 0; i < cycle->paths.nelts; i++) {
1217
1218 if (ngx_terminate || ngx_quit) {
1219 break;
1220 }
1221
1222 if (path[i]->loader) {
1223 path[i]->loader(path[i]->data);
1224 ngx_time_update();
1225 }
1226 }
1227
1228 exit(0);
1229 }
The "ngx_quit" may be reset in function ngx_worker_process_cycle. So, make sure to test ngx_exiting as well.
This issue is very similar to an issue that was fixed in https://trac.nginx.org/nginx/browser/nginx/src/os/win32/ngx_process_cycle.c?rev=b74f1106f920fe9e447c710e57a5ccdeae46d8e3.
The similar issue is https://trac.nginx.org/nginx/ticket/514.
Note:
See TracTickets
for help on using tickets.
The ngx_worker_process_cycle() function is not used in cache loader and cache manager processes, and cannot reset
ngx_quit. The issue in #514 is win32-specific and happens due to the fact that cache loader and cache manager are threads on win32, not real processes.