anomalizer / ngx_aws_auth

nginx module to proxy to authenticated AWS services
BSD 2-Clause "Simplified" License
470 stars 144 forks source link

nginx worker process getting killed when request has query string parameters #65

Open raja1128 opened 5 years ago

raja1128 commented 5 years ago

Nginx worker process is getting killed, on every request with query string parameters

request: "GET /s3proxy/test.html?dc=apples HTTP/1.1" [error] 332#332: *15 canonical qs constructed is dc=apples

*15 canonical req is GET /s3proxy/test.html dc=apples

Error backtrace: [alert] 326#326: worker process 331 exited on signal 11 (core dumped)

glibc detected nginx: worker process: corrupted double-linked list: 0x0000560500c0e790 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x75e5e)[0x7fcadad5ce5e] /lib64/libc.so.6(+0x7a614)[0x7fcadad61614] /lib64/libc.so.6(__libc_malloc+0x5c)[0x7fcadad61b1c] /usr/lib64/libcrypto.so.10(CRYPTO_malloc+0x5e)[0x7fcadb2fbcee] /usr/lib64/libcrypto.so.10(sk_new+0x3d)[0x7fcadb37704d] /usr/lib64/libcrypto.so.10(+0x103b00)[0x7fcadb394b00] /usr/lib64/libcrypto.so.10(+0x1084ce)[0x7fcadb3994ce] /usr/lib64/libcrypto.so.10(+0x1083fa)[0x7fcadb3993fa] /usr/lib64/libcrypto.so.10(+0x1083fa)[0x7fcadb3993fa] /usr/lib64/libcrypto.so.10(ASN1_item_ex_d2i+0xc37)[0x7fcadb39c5a7] /usr/lib64/libcrypto.so.10(ASN1_item_d2i+0x44)[0x7fcadb39cc64] /usr/lib64/libssl.so.10(ssl3_get_server_certificate+0x251)[0x7fcadb69b621] /usr/lib64/libssl.so.10(ssl3_connect+0x892)[0x7fcadb69dd62] nginx: worker process(ngx_ssl_handshake+0x1f)[0x5604ff06f95f] nginx: worker process(+0x59b32)[0x5604ff06fb32] nginx: worker process(+0x548d3)[0x5604ff06a8d3] nginx: worker process(ngx_process_events_and_timers+0x7f)[0x5604ff06033f] nginx: worker process(+0x525d0)[0x5604ff0685d0] nginx: worker process(ngx_spawn_process+0x195)[0x5604ff0667e5] nginx: worker process(ngx_master_process_cycle+0x804)[0x5604ff0692b4] nginx: worker process(main+0xb4a)[0x5604ff04172a] /lib64/libc.so.6(__libc_start_main+0x100)[0x7fcadad05d20] nginx: worker process(+0x29769)[0x5604ff03f769]

nginx version: nginx/1.15.7 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled

OS: centos6

hexmarkrecords commented 4 years ago

I've solved this problem using

set $args '';

Above the proxypass. This nukes the query paras before the module reads the url hence signs the request correctly. This worked for my use case.