Maxim Dounin
July 27, 2015 01:48AM
Hello!

On Sun, Jul 26, 2015 at 10:25:19AM -0400, Per Hansson wrote:

> Hi, after upgrading from the v1.6.3 to v1.8.0 stable branch an alias I used
> for Roundcubemail no longer works.
> I traced the issue back to a probable change made in nginx v1.7.1:
> "Bugfix: the "alias" directive used inside a location given by a regular
> expression worked incorrectly if the "if" or "limit_except" directives were
> used."
>
> In version 1.6.3 and 1.7.0 the following works fine:
> ## Roundcubemail for Remi repository
> location ~ ^/mail/(.+\.php)$ {
> alias /usr/share/roundcubemail/$1;
> client_max_body_size 5M;
> fastcgi_pass _php;
> }
> location ~ /mail {
> alias /usr/share/roundcubemail/;
> client_max_body_size 5M;
> try_files $uri $uri/ /index.php;
> }
>
> But in v1.7.1 it causes nginx to core dump if I visit the url
> domain.com/mail and if I visit domain.com/mail/ I get taken to the front
> page.
>
> [notice] 26221#0: signal 17 (SIGCHLD) received
> [alert] 26221#0: worker process 26223 exited on signal 11 (core dumped)
> [notice] 26221#0: start worker process 26231
> [notice] 26221#0: signal 29 (SIGIO) received

Thanks, it was broken by this commit:

http://hg.nginx.org/nginx/rev/c985d90a8d1f

The patch below will fix the segfault. Note though, that the
result will probably won't work for you. Proper way to fix this
would be to don't use regex location for /mail, but use a prefix
one instead, i.e.:

location /mail {
alias /usr/share/roundcubemail/;
try_files $uri $uri/ /index.php;
}

(Note: no "~".)

The configuration with regex location previously worked by
coincidence - in try_files nginx used to do string comparison with
regular expression specified, and this happened to produce
sensible result in your case.

Patch:

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1437975869 -10800
# Mon Jul 27 08:44:29 2015 +0300
# Node ID cb8f6e9d9943e2c8bd332443c0018a40353288fe
# Parent d34cda011a8ed968c5f2c4469ce43b7e7f0afda6
Fixed segfault with try_files introduced by c985d90a8d1f.

If alias was used in a location given by a regular expression,
nginx used to do wrong thing in try_files if a location name (i.e.,
regular expression) was an exact prefix of URI. The following
configuration triggered a segmentation fault on a request to "/mail":

location ~ /mail {
alias /path/to/directory;
try_files $uri =404;
}

Reported by Per Hansson.

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -1239,7 +1239,9 @@ ngx_http_core_try_files_phase(ngx_http_r

*e.pos = '\0';

- if (alias && ngx_strncmp(name, clcf->name.data, alias) == 0) {
+ if (alias && alias != NGX_MAX_SIZE_T_VALUE
+ && ngx_strncmp(name, clcf->name.data, alias) == 0)
+ {
ngx_memmove(name, name + alias, len - alias);
path.len -= alias;
}

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Alias regex use causing core dump as of nginx 1.7.1

Per Hansson July 26, 2015 10:25AM

Re: Alias regex use causing core dump as of nginx 1.7.1

Maxim Dounin July 27, 2015 01:48AM

Re: Alias regex use causing core dump as of nginx 1.7.1

Per Hansson July 27, 2015 07:26AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 47
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready