kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

remove timedout request ctx's from waiting_requests queue #157

Closed i-rinat closed 7 years ago

i-rinat commented 7 years ago

The patch addresses a possible crash in case of a non-working LDAP server.

At the moment, if a request context gets into the server->waiting_requests queue, it can be read in ngx_http_auth_ldap_get_connection() after the context memory is freed, because it is still in the queue after the request has timed out.
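
The lifetime rule behind the comment above, as an added example (a simplified model, not code from this pull request or from nginx-auth-ldap): a context parked on an intrusive waiting queue has to be unlinked before its memory is released. The names `req_ctx_t`, `ctx_wait`, `ctx_cleanup` and `next_waiting_id` are hypothetical, and `malloc`/`free` stand in for nginx pool allocation.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Intrusive doubly linked queue, the same shape as nginx's ngx_queue_t. */
typedef struct queue_s { struct queue_s *prev, *next; } queue_t;
/* Hypothetical stand-in for the module's per-request context. */
typedef struct { int id; int queued; queue_t q; } req_ctx_t;

static void queue_init(queue_t *h) { h->prev = h->next = h; }
static void queue_insert_tail(queue_t *h, queue_t *x) {
    x->prev = h->prev; x->next = h; h->prev->next = x; h->prev = x;
}
static void queue_remove(queue_t *x) {
    x->prev->next = x->next; x->next->prev = x->prev;
}
/* No LDAP connection is free: park the request on the waiting queue. */
static req_ctx_t *ctx_wait(queue_t *waiting, int id) {
    req_ctx_t *ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL) return NULL;
    ctx->id = id; ctx->queued = 1;
    queue_insert_tail(waiting, &ctx->q);
    return ctx;
}

/* Runs when the request ends, timeout included. Unlink BEFORE freeing:
 * otherwise the queue keeps a node that lives inside freed memory. */
static void ctx_cleanup(req_ctx_t *ctx) {
    if (ctx->queued) { queue_remove(&ctx->q); ctx->queued = 0; }
    free(ctx);
}

/* Consumer side: take the first waiting request, return its id or -1. */
static int next_waiting_id(queue_t *waiting) {
    if (waiting->next == waiting) return -1;  /* queue is empty */
    queue_t *q = waiting->next;
    req_ctx_t *ctx = (req_ctx_t *)((char *)q - offsetof(req_ctx_t, q));
    queue_remove(q); ctx->queued = 0;
    return ctx->id;
}

int main(void) {
    queue_t waiting; queue_init(&waiting);
    req_ctx_t *a = ctx_wait(&waiting, 1), *b = ctx_wait(&waiting, 2);
    if (a == NULL || b == NULL) return 1;
    ctx_cleanup(a);  /* request 1 timed out while still queued */
    printf("next waiting request: %d\n", next_waiting_id(&waiting));
    ctx_cleanup(b);
    return 0;
}
```

The `queued` flag keeps cleanup from unlinking a context that the consumer has already dequeued.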

i-rinat commented 7 years ago

One can verify that there was a use-after-free by compiling nginx with the nginx-auth-ldap module, having the NGX_DEBUG_PALLOC=1 macro definition. That will make every pool allocation actually a separate call to malloc, allowing the use of Valgrind.

Then, configure a single LDAP backend and run nginx (in single process mode, preferably) under Valgrind. Then make a request with authorization and wait for the timeout. Then make the request one more time. The second time, you should be able to see a use-after-free event from Valgrind.

i-rinat commented 7 years ago

Issues #143, #104, #56, and #33 all look related. There are either crashes in functions that use server->waiting_requests or a very similar condition — crashing when the LDAP backend is not online.