Lua VM crash when using ngx.exec(), unsafe uri #905

Open
jayce opened this issue Nov 2, 2016 · 1 comment
jayce commented Nov 2, 2016

See crash point: ngx_http_lua_control.c.

This code, `return NGX_HTTP_INTERNAL_SERVER_ERROR;`, causes the VM to crash.

Details:

  • version openresty-1.9.7.3 and ngx_lua-0.10.0
  • system log
        Oct 28 15:11:18 f02 kernel: nginx[14476]: segfault at 140d92420 ip 00007fe7f20ee40d sp 00007fff66396f20 error 4 in libluajit-5.1.so.2[7fe7f20e5000+c1000]
        Oct 28 15:11:39 f02 kernel: nginx[14489]: segfault at 141380a48 ip 00007fe7f20ee40d sp 00007fff66396ea0 error 4 in libluajit-5.1.so.2[7fe7f20e5000+c1000]
        Oct 28 15:11:59 f02 kernel: nginx[14486]: segfault at 141eb8f10 ip 00007fe7f20ee40d sp 00007fff66396ea0 error 4 in libluajit-5.1.so.2[7fe7f20e5000+c1000]
  • nginx log
        2016/11/02 17:24:22 [error] 21115#0: *60 unsafe URI "/error_page/../" was detected *******
  • configure
        location / {
            content_by_lua_block {
                ngx.log(ngx.ERR, "/error_page/ ")
                return ngx.exec("/error_page/../")
            }
        }
  • test command
        wget http://localhost/ -SO/dev/null
jayce added a commit to jayce/lua-nginx-module that referenced this issue Nov 2, 2016
@doujiang24

@jayce Thanks for your report. Already replied in https://groups.google.com/d/msg/openresty/R4TuNOYqO2o/wgvRoaKZCgAJ

Will you please create a PR? Please don't forget to add a test case corresponding to it :)
Thanks again :)

agentzh pushed a commit that referenced this issue Nov 2, 2016
… unsafe URIs (#905)

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
p0pr0ck5 pushed a commit to p0pr0ck5/lua-nginx-module that referenced this issue Dec 30, 2016
… unsafe URIs (openresty#905)

Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
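
A guard that keeps targets like the one in the report away from ngx.exec() on the affected version, as an added example that is not part of the issue or of lua-nginx-module's own code. `is_unsafe_uri` and `safe_exec` are hypothetical names, and the rules (empty URI, leading `?`, NUL byte, any `..` path segment) are an assumed approximation of nginx's unsafe-URI check, applied to the raw string without percent-decoding.

```lua
-- Added example: validate an internal-redirect target before ngx.exec().
-- is_unsafe_uri() and safe_exec() are hypothetical helper names; the rules
-- below are an assumed approximation of nginx's unsafe-URI check.

local function is_unsafe_uri(uri)
    if type(uri) ~= "string" or uri == "" then
        return true
    end
    -- Only the path is inspected; text after the first "?" is the query string.
    local path = uri:match("^[^?]*")
    if path == "" then
        return true                       -- URI begins with "?"
    end
    if path:find("\0", 1, true) then      -- embedded NUL byte (plain find)
        return true
    end
    -- Any path segment that is exactly ".." ("../x", "/a/../b", "/a/..").
    for segment in path:gmatch("[^/]+") do
        if segment == ".." then
            return true
        end
    end
    return false
end

-- Refuse the redirect in Lua instead of handing the URI to ngx.exec().
local function safe_exec(uri, args)
    if is_unsafe_uri(uri) then
        ngx.log(ngx.WARN, "refusing ngx.exec() to unsafe URI: ", tostring(uri))
        return ngx.exit(ngx.HTTP_BAD_REQUEST)
    end
    return ngx.exec(uri, args)
end

-- Constructed sample inputs; this part runs under plain Lua/LuaJIT, where
-- the ngx table does not exist. The first entry is the URI from the report.
if not ngx then
    local samples = {
        "/error_page/../", "../x", "/a/..", "?x=1",
        "/ok/..hidden/", "/error_page/?next=../b", "/error_page/",
    }
    for _, uri in ipairs(samples) do
        print(uri, is_unsafe_uri(uri))
    end
end

return { is_unsafe_uri = is_unsafe_uri, safe_exec = safe_exec }
```

In the reported configuration, `return ngx.exec("/error_page/../")` would become `return safe_exec("/error_page/../")`, with the file loaded through `require`.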