Author: mdounin
Date: 2011-12-12 10:47:48 +0000 (Mon, 12 Dec 2011)
New Revision: 4340

Log:
Cache: handling of cache files with long headers.

There are two possible situations which can lead to this: response was
cached with bigger proxy_buffer_size value (and nginx was restared since
then, i.e. shared memory zone content was lost), or due to the race in
the cache update code (see [1]) we've end up with fcn->body_start from
a different response stored in shared memory zone.

[1] http://mailman.nginx.org/pipermail/nginx-devel/2011-September/001287.html


Modified:
trunk/src/http/ngx_http_file_cache.c

Modified: trunk/src/http/ngx_http_file_cache.c
===================================================================
--- trunk/src/http/ngx_http_file_cache.c 2011-12-12 10:46:43 UTC (rev 4339)
+++ trunk/src/http/ngx_http_file_cache.c 2011-12-12 10:47:48 UTC (rev 4340)
@@ -386,6 +386,13 @@
return NGX_DECLINED;
}

+ if (h->body_start > c->body_start) {
+ ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0,
+ "cache file \"%s\" has too long header",
+ c->file.name.data);
+ return NGX_DECLINED;
+ }
+
c->buf->last += n;

c->valid_sec = h->valid_sec;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel