Howdy all
I was looking at my log file and noticed a bunch of requests for /…/,
/…/, etc. Presumably
these are someone attempting to be malicious.
Now, here’s the problem. I tried these to see what would happen. All of
them correctly give a
404, except
2009/08/27 08:45:55 [emerg] 3648#5828: *2345 malloc() 4294967013 bytes
failed (8: Not
enough storage is available to process this command), client:
24.166.74.152, server: (my
server), request: “GET /(some directory)/…/ HTTP/1.1”, host: “(my
server)”
Evidently Nginx must get a negative number somehow for the length and
malloc that. Only
happens with three dots.
This might have security implications, so you should look at it.
-James