Worrisome logfile entry

Howdy all

I was looking at my log file and noticed a bunch of requests for /…/, /…/, etc. Presumably these are someone attempting to be malicious.

Now, here’s the problem. I tried these to see what would happen. All of them correctly give a 404, except

2009/08/27 08:45:55 [emerg] 3648#5828: *2345 malloc() 4294967013 bytes failed (8: Not enough storage is available to process this command), client: 24.166.74.152, server: (my server), request: “GET /(some directory)/…/ HTTP/1.1”, host: “(my server)”

Evidently Nginx must get a negative number somehow for the length and malloc that. Only happens with three dots.

This might have security implications, so you should look at it.

-James
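
The logged size fits the guess in the message above: 4294967013 is 2^32 - 283, the value a negative 32-bit length takes when converted to an unsigned allocation size. The C below is an added illustration, not nginx code and not part of the original thread; all function names are hypothetical and the sample line is constructed from the quoted log entry. It parses such a line, recovers the signed length, and shows a span allocator that rejects the negative case before it reaches malloc().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample, shortened from the log entry quoted in the post. */
static const char *SAMPLE =
    "2009/08/27 08:45:55 [emerg] 3648#5828: *2345 malloc() 4294967013 bytes failed";

/* Extract N from a "malloc() N bytes failed" line.
   Returns 0 on success, -1 if the field is missing or exceeds 32 bits. */
int parse_malloc_size(const char *line, uint32_t *out) {
    const char *p = strstr(line, "malloc() ");
    if (p == NULL) return -1;
    p += strlen("malloc() ");
    char *end;
    unsigned long long v = strtoull(p, &end, 10);
    if (end == p || v > UINT32_MAX) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* A 32-bit size above INT32_MAX is what a negative int becomes after
   conversion to an unsigned size; recover that signed value. */
int64_t as_signed_length(uint32_t size) {
    return size > INT32_MAX ? (int64_t)size - 4294967296LL : (int64_t)size;
}

/* What an unchecked conversion does with a negative length. */
uint32_t unchecked_size(int32_t len) { return (uint32_t)len; }

/* Hardened form: validate the span before it is used as a size. */
void *alloc_span(const char *start, const char *end, size_t max_len) {
    if (end < start) return NULL;          /* would be a negative length */
    size_t n = (size_t)(end - start);
    if (n > max_len) return NULL;          /* implausibly large request */
    return malloc(n + 1);                  /* +1 leaves room for a terminator */
}

int main(void) {
    uint32_t sz;
    if (parse_malloc_size(SAMPLE, &sz) == 0)
        printf("logged %u -> signed %lld\n", (unsigned)sz,
               (long long)as_signed_length(sz));
    return 0;
}
```

For log triage, an allocation failure whose size decodes to a small negative number points at a length calculation that went below zero rather than at real memory pressure.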

On Thu, Aug 27, 2009 at 09:54:46AM -0400, [email protected] wrote:

> server), request: “GET /(some directory)/…/ HTTP/1.1”, host: “(my server)”
>
> Evidently Nginx must get a negative number somehow for the length and malloc that. Only
> happens with three dots.
>
> This might have security implications, so you should look at it.

Judging by the error number and message, you use nginx/Windows. What version?
Before 0.8.6 nginx/Windows checked “/…/”, since on Win95+ this is
equal to “/…/…/”. However, in 0.8.7 the check was removed because
nginx/Windows does not support the Win95+ family.

Could you show the exact request - “GET /(some directory)/…/ HTTP/1.1”?