trimstray / nginx-admins-handbook

How to improve NGINX performance, security, and other important things.
MIT License

“Buffer overflow” section is misleading #4

Closed p0pr0ck5 closed 5 years ago

p0pr0ck5 commented 5 years ago

https://github.com/trimstray/nginx-quick-reference/blob/master/README.md#beginner-control-buffer-overflow-attacks

The language of this makes it seem like the directives are intended to protect against memory corruption attacks, which is incorrect. These directives control the behavior of when Nginx buffers data in memory vs writing the buffer to disk temporarily to avoid allocating too much memory. It has nothing to do with mitigating memory corruption attacks.

trimstray commented 5 years ago

Hi @p0pr0ck5,

Thanks for an interesting point of view.

I don't agree with this. I think this helps to prevent buffer overflow attacks from occurring by setting buffer size limitations for clients. Also, please see the OWASP Secure Configuration Guide.

Also, Acunetix says:

> Buffer overflow attacks are made possible by writing data to a buffer and exceeding that buffer’s boundary and overwriting memory fragments of a process. To prevent this in nginx we can set buffer size limitations for all clients. This can be done through the Nginx configuration file using the following directives.

Maybe you know other ways to protect against "Buffer Overflow"?
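
For reference alongside this exchange, an added example (not posted by either participant and not the handbook's own configuration): the thread does not name the directives, so this assumes it concerns NGINX's standard client buffer directives, and annotates each with the behaviour the NGINX documentation describes. All sizes and the temp path are constructed values.

```nginx
# Added illustration. Sizes and paths are constructed, not taken from the thread.
events {}

http {
    # Buffer used for reading the request body. If the body is larger than
    # this buffer, the whole body or part of it is written to a temporary
    # file instead of being held in memory.
    client_body_buffer_size 16k;

    # Directory for those temporary files (constructed path).
    client_body_temp_path /var/cache/nginx/client_temp;

    # Maximum allowed request body size. A request that exceeds it is
    # answered with 413 (Request Entity Too Large).
    client_max_body_size 1m;

    # Buffer used for reading the request line and header fields.
    # If a request line or a header field does not fit, NGINX allocates
    # the larger buffers configured below.
    client_header_buffer_size 1k;

    # Number and size of the larger header buffers.
    # A request line longer than one buffer gets 414 (Request-URI Too Large);
    # a header field longer than one buffer gets 400 (Bad Request).
    large_client_header_buffers 4 8k;

    server {
        listen 8080;

        location / {
            return 200 "ok\n";
        }
    }
}
```

The file can be syntax-checked with `nginx -t -c /path/to/this.conf` before use.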