Commit 6599ae24 authored by Buglloc's avatar Buglloc Committed by Wandenberg

fix #161 which reported a DoS on message formatter when text contains huge...

fix #161 which reported a DoS on message formatter when text contains huge number of template patterns
Signed-off-by: 's avatarWandenberg <wandenberg@gmail.com>
parent 2607243f
...@@ -111,6 +111,27 @@ describe "Publisher Publishing Messages" do ...@@ -111,6 +111,27 @@ describe "Publisher Publishing Messages" do
end end
end end
it "should format message with text contains huge number of template patterns" do
channel = 'ch_test_publish_messages_with_template_patterns'
body = "|~id~|~channel~|~text~|~event-id~|~tag~" * 20000 + "|"
response = ''
nginx_run_server(config.merge(:client_max_body_size => '2000k', :client_body_buffer_size => '2000k', :message_template => '{\"id\": \"~id~\", \"channel\": \"~channel~\", \"text\": \"~text~\", \"event_id\": \"~event-id~\",\"tag\": \"~tag~\"}'), :timeout => 15) do |conf|
EventMachine.run do
start = Time.now
pub = EventMachine::HttpRequest.new(nginx_address + '/pub?id=' + channel.to_s ).post :head => headers, :body => body
pub.stream do |chunk|
response += chunk
end
pub.callback do
(Time.now - start).should be < 0.1 #should fast proccess message
response.strip.should eql('{"channel": "ch_test_publish_messages_with_template_patterns", "published_messages": "1", "stored_messages": "1", "subscribers": "0"}')
EventMachine.stop
end
end
end
end
it "should publish many messages in the same channel" do it "should publish many messages in the same channel" do
body_prefix = 'published_message_' body_prefix = 'published_message_'
channel = 'ch_test_publish_many_messages_in_the_same_channel' channel = 'ch_test_publish_many_messages_in_the_same_channel'
......
...@@ -1201,9 +1201,9 @@ ngx_http_push_stream_format_message(ngx_http_push_stream_channel_t *channel, ngx ...@@ -1201,9 +1201,9 @@ ngx_http_push_stream_format_message(ngx_http_push_stream_channel_t *channel, ngx
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_EVENT_ID, event_id, 0, temp_pool); txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_EVENT_ID, event_id, 0, temp_pool);
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_EVENT_TYPE, event_type, 0, temp_pool); txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_EVENT_TYPE, event_type, 0, temp_pool);
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_CHANNEL, channel_id, 0, temp_pool); txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_CHANNEL, channel_id, 0, temp_pool);
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_TEXT, text, 0, temp_pool);
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_TIME, time, 0, temp_pool); txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_TIME, time, 0, temp_pool);
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_TAG, tag, 0, temp_pool); txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_TAG, tag, 0, temp_pool);
txt = ngx_http_push_stream_str_replace(txt, &NGX_HTTP_PUSH_STREAM_TOKEN_MESSAGE_TEXT, text, 0, temp_pool);
if (txt == NULL) { if (txt == NULL) {
ngx_log_error(NGX_LOG_ERR, temp_pool->log, 0, "push stream module: unable to allocate memory to replace message values on template"); ngx_log_error(NGX_LOG_ERR, temp_pool->log, 0, "push stream module: unable to allocate memory to replace message values on template");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment