Skip to content
Permalink
Browse files Browse the repository at this point in the history
Request: new request session flag to mark those files opened by FDT
This patch aims to fix a potential DDoS problem that can be caused
in the server quering repetitive non-existent resources.

When serving a static file, the core use Vhost FDT mechanism, but if
it sends a static error page it does a direct open(2). When closing
the resources for the same request it was just calling mk_vhost_close()
which did not clear properly the file descriptor.

This patch adds a new field on the struct session_request called 'fd_is_fdt',
which contains MK_TRUE or MK_FALSE depending of how fd_file was opened.

Thanks to Matthew Daley <mattd@bugfuzz.com> for report and troubleshoot this
problem.

Signed-off-by: Eduardo Silva <eduardo@monkey.io>
  • Loading branch information
edsiper committed Aug 16, 2014
1 parent f9d0f8d commit b2d0e6f
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 4 deletions.
12 changes: 11 additions & 1 deletion include/monkey/mk_request.h
Expand Up @@ -159,8 +159,18 @@ struct session_request
long port;
/*------------*/

/* file descriptors */
/*
* Static file file descriptor: the following twp fields represents an
* opened file in the file system and a flag saying which mechanism
* was used to open it.
*
* - fd_file : common file descriptor
* - fd_is_fdt: set to MK_TRUE if fd_file was opened using Vhost FDT, or
* MK_FALSE for the opposite case.
*/
int fd_file;
int fd_is_fdt;


int headers_len;

Expand Down
10 changes: 8 additions & 2 deletions src/mk_request.c
Expand Up @@ -99,7 +99,12 @@ static inline void mk_request_init(struct session_request *request)
void mk_request_free(struct session_request *sr)
{
if (sr->fd_file > 0) {
mk_vhost_close(sr);
if (sr->fd_is_fdt == MK_TRUE) {
mk_vhost_close(sr);
}
else {
close(sr->fd_file);
}
}

if (sr->headers.location) {
Expand Down Expand Up @@ -841,7 +846,8 @@ int mk_request_error(int http_status, struct client_session *cs,
break;
}

sr->fd_file = fd;
sr->fd_file = fd;
sr->fd_is_fdt = MK_FALSE;
sr->bytes_to_send = finfo.size;
sr->headers.content_length = finfo.size;
sr->headers.real_length = finfo.size;
Expand Down
2 changes: 1 addition & 1 deletion src/mk_vhost.c
Expand Up @@ -220,6 +220,7 @@ static inline int mk_vhost_fdt_open(int id, unsigned int hash,

sr->vhost_fdt_id = id;
sr->vhost_fdt_hash = hash;
sr->fd_is_fdt = MK_TRUE;

return fd;
}
Expand Down Expand Up @@ -262,7 +263,6 @@ static inline int mk_vhost_fdt_close(struct session_request *sr)
return 0;
}
}

return close(sr->fd_file);
}

Expand Down

0 comments on commit b2d0e6f

Please sign in to comment.