From a8372d8a840b093398531a63c94f73055e817c2b Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Sat, 12 Apr 2008 07:29:20 +0000 Subject: [PATCH] limit CNAME recursion --- src/core/ngx_resolver.c | 25 ++++++++++++++++++++++--- src/core/ngx_resolver.h | 3 +++ 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c index 47e43ab24..a5b8efbf6 100644 --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -435,10 +435,29 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx) /* NGX_RESOLVE_CNAME */ - ctx->name.len = rn->cnlen; - ctx->name.data = rn->u.cname; + if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) { - return ngx_resolve_name_locked(r, ctx); + ctx->name.len = rn->cnlen; + ctx->name.data = rn->u.cname; + + return ngx_resolve_name_locked(r, ctx); + } + + ctx->next = rn->waiting; + rn->waiting = NULL; + + /* unlock name mutex */ + + do { + ctx->state = NGX_RESOLVE_NXDOMAIN; + next = ctx->next; + + ctx->handler(ctx); + + ctx = next; + } while (ctx); + + return NGX_OK; } if (rn->waiting) { diff --git a/src/core/ngx_resolver.h b/src/core/ngx_resolver.h index 0086d6ae8..6c4afac97 100644 --- a/src/core/ngx_resolver.h +++ b/src/core/ngx_resolver.h @@ -29,6 +29,8 @@ #define NGX_NO_RESOLVER (void *) -1 +#define NGX_RESOLVER_MAX_RECURSION 50 + typedef struct { ngx_connection_t *connection; @@ -128,6 +130,7 @@ struct ngx_resolver_ctx_s { ngx_msec_t timeout; ngx_uint_t quick; /* unsigned quick:1; */ + ngx_uint_t recursion; ngx_event_t *event; };