  1. DC/OS
  2. DCOS_OSS-4931

GET request with large URI leads to memory corruption with the Nginx VTS module

    Details

    • Sprint:
      Security Sprint 42
    • Story Points:
      5

      Description

      Using a valid URI with no special characters that is at least 500 characters long leads to displacement in the output of the Nginx VTS module Prometheus endpoint if the $uri is captured through a nginx_vts_filter.

      We need to investigate what we can do about this problem in order to enable URI and user agent reporting for requests to Admin Router.

      Somehow limiting the number of characters in the Nginx VTS module before a filter set key/value is created would be a good start, I think.
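
A check for the symptom described above, added here as an example and not taken from the ticket or from DC/OS code: it validates Prometheus text-format output line by line and flags displaced lines and oversized label values. The 256-character budget, the metric and label names, and the sample output are assumptions constructed for illustration.

```python
import re

MAX_LABEL_LEN = 256  # assumed per-label budget; tune to your filter keys

# name, optional {labels}, value, optional timestamp (Prometheus text format)
SAMPLE = re.compile(
    r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?[ \t]+(\S+)(?:[ \t]+-?\d+)?$')
LABEL = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)",?')

def check_exposition(text, max_label_len=MAX_LABEL_LEN):
    """Return [(line_no, reason)] for lines that are not well-formed samples."""
    findings = []
    # Split on "\n" only, so stray control bytes stay inside their line.
    for no, line in enumerate(text.split("\n"), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or HELP/TYPE comment
        m = SAMPLE.match(line)
        if not m:
            findings.append((no, "not a metric sample"))
            continue
        labels, value = m.group(2) or "", m.group(3)
        pos = 0
        while pos < len(labels):  # the label block must be consumed completely
            lm = LABEL.match(labels, pos)
            if not lm:
                findings.append((no, "malformed label set"))
                break
            if len(lm.group(2)) > max_label_len:
                findings.append(
                    (no, f"label {lm.group(1)} exceeds {max_label_len} chars"))
            pos = lm.end()
        try:
            float(value)
        except ValueError:
            findings.append((no, "non-numeric value"))
    return findings

# Constructed sample, not captured output: one clean line, one line with a
# 601-character URI label, and one sample displaced across two lines.
M = 'nginx_vts_filter_requests_total{filter="uri",filter_name="'
SAMPLE_OUTPUT = (
    '# TYPE nginx_vts_filter_requests_total counter\n'
    + M + '/service/marathon",code="2xx"} 12\n'
    + M + '/' + 'a' * 600 + '",code="2xx"} 1\n'
    + M + '/bbbb\n'
    + 'de="2xx"} 3\n'
)

if __name__ == "__main__":
    for line_no, reason in check_exposition(SAMPLE_OUTPUT):
        print(f"line {line_no}: {reason}")
```

Run against a scrape of the endpoint, a non-empty result means the output would not parse cleanly or carries a label long enough to warrant a look at the filter key.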


            People

            • Assignee:
              timweidner Tim Weidner
              Reporter:
              timweidner Tim Weidner
              Team:
              Security Team
              Watchers:
              Jonathan Giddy, jongiddy, Martin Hrabovcin, Mergebot, Tim Weidner

              Dates

              • Created:
                Updated:
                Resolved: