Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using invalid msgid for dos attacks? #670

Open
Shonke opened this issue Jun 23, 2023 · 2 comments
Open

Using invalid msgid for dos attacks? #670

Shonke opened this issue Jun 23, 2023 · 2 comments

Comments

@Shonke
Copy link

Shonke commented Jun 23, 2023

I tested and found that invalid msgid will cause the process to exit.

I am using nginx-mod-nchan installed in APT repositories:
libnginx-mod-nchan/testing,now 1:1.3.6+dfsg-2 amd64 [installed]

term1 # nginx -c /root/test1.conf
2023/06/23 21:10:02 [notice] 3938991#3938991: using the "epoll" event method
2023/06/23 21:10:02 [notice] 3938991#3938991: nginx/1.22.1
2023/06/23 21:10:02 [notice] 3938991#3938991: OS: Linux 6.1.0-9-amd64
2023/06/23 21:10:02 [notice] 3938991#3938991: getrlimit(RLIMIT_NOFILE): 5000:65535
2023/06/23 21:10:02 [notice] 3938991#3938991: start worker processes
2023/06/23 21:10:02 [notice] 3938991#3938991: start worker process 3938992
2023/06/23 21:10:13 [info] 3938992#3938992: *1 client prematurely closed connection, client: 127.0.0.1, server: _, request: "GET /sub?last_event_id=1: HTTP/1.1", host: "127.0.0.1:8200"
nginx: worker process: ././src/store/spool.c:479: spool_fetch_msg: Assertion `spool->msg_status == MSG_INVALID' failed.
2023/06/23 21:10:14 [notice] 3938991#3938991: signal 17 (SIGCHLD) received from 3938992
2023/06/23 21:10:14 [alert] 3938991#3938991: worker process 3938992 exited on signal 6
2023/06/23 21:10:14 [notice] 3938991#3938991: start worker process 3939157

^C2023/06/23 21:12:27 [notice] 3939157#3939157: signal 2 (SIGINT) received, exiting
2023/06/23 21:12:27 [notice] 3938991#3938991: signal 2 (SIGINT) received, exiting
2023/06/23 21:12:27 [info] 3939157#3939157: epoll_wait() failed (4: Interrupted system call)
2023/06/23 21:12:27 [notice] 3939157#3939157: exiting
2023/06/23 21:12:27 [notice] 3939157#3939157: exit
2023/06/23 21:12:27 [notice] 3938991#3938991: signal 17 (SIGCHLD) received from 3939157
2023/06/23 21:12:27 [notice] 3938991#3938991: worker process 3939157 exited with code 0
2023/06/23 21:12:27 [notice] 3938991#3938991: exit
term2 # curl "http://127.0.0.1:8200/sub?last_event_id=1:"
^C
term2 # curl "http://127.0.0.1:8200/sub?last_event_id=1:"
curl: (52) Empty reply from server
term2 # curl "http://127.0.0.1:8200/sub?last_event_id=1:"
^C
term2 # curl "http://127.0.0.1:8200/sub?last_event_id=1:"
curl: (52) Empty reply from server
term2 #

nginx.conf:

daemon off;
worker_processes 1;
master_process on;

error_log /dev/stderr info;
pid /var/run/nginx1.pid;

load_module modules/ngx_nchan_module.so;
events {}

http {
  server {
    listen 8200;
    server_name _ default;
    location /sub {
      nchan_subscriber ;
      nchan_channel_id test1;
    }
  }
}
@Shonke Shonke changed the title Using invalid msgid for dos attacks Using invalid msgid for dos attacks? Jun 23, 2023
@slact
Copy link
Owner

slact commented Jul 25, 2023

please add

    location /nchan_stub_status { 
      nchan_stub_status; 
    } 

and show me the output of curl http://127.0.0.1:8200/nchan_stub_status

@Shonke
Copy link
Author

Shonke commented Jul 26, 2023

please add

    location /nchan_stub_status { 
      nchan_stub_status; 
    } 

and show me the output of curl http://127.0.0.1:8200/nchan_stub_status

I will try again using the latest version

the nginx configuration

daemon off;
worker_processes 1;
master_process on;

error_log /dev/stderr info;
pid /var/run/nginx1.pid;

load_module modules/ngx_nchan_module.so;

events {}

http {
  server {
    listen 8200;
    server_name _ default;

    location /sub {
      nchan_subscriber ;
      nchan_channel_id test1;
    }

    location /nchan_stub_status {
      nchan_stub_status;
    }
  }
}

nginx output

term1 ~# nginx -c /root/test1.conf
2023/07/26 14:40:21 [notice] 2751287#2751287: using the "epoll" event method
2023/07/26 14:40:21 [notice] 2751287#2751287: nginx/1.22.1
2023/07/26 14:40:21 [notice] 2751287#2751287: OS: Linux 6.1.0-9-amd64
2023/07/26 14:40:21 [notice] 2751287#2751287: getrlimit(RLIMIT_NOFILE): 5000:65535
2023/07/26 14:40:21 [notice] 2751287#2751287: start worker processes
2023/07/26 14:40:21 [notice] 2751287#2751287: start worker process 2751288

2023/07/26 14:40:41 [info] 2751288#2751288: *1 client 127.0.0.1 closed keepalive connection
2023/07/26 14:41:01 [info] 2751288#2751288: *3 client 127.0.0.1 closed keepalive connection
2023/07/26 14:41:06 [info] 2751288#2751288: *2 client prematurely closed connection, client: 127.0.0.1, server: _, request: "GET /sub?last_event_id=1: HTTP/1.1", host: "127.0.0.1:8200"
2023/07/26 14:41:18 [info] 2751288#2751288: *5 client 127.0.0.1 closed keepalive connection
2023/07/26 14:41:23 [info] 2751288#2751288: *4 client prematurely closed connection, client: 127.0.0.1, server: _, request: "GET /sub?last_event_id=1: HTTP/1.1", host: "127.0.0.1:8200"
nginx: worker process: ././src/store/spool.c:479: spool_fetch_msg: Assertion `spool->msg_status == MSG_INVALID' failed.
2023/07/26 14:41:24 [notice] 2751287#2751287: signal 17 (SIGCHLD) received from 2751288
2023/07/26 14:41:24 [alert] 2751287#2751287: worker process 2751288 exited on signal 6
2023/07/26 14:41:24 [notice] 2751287#2751287: start worker process 2752233
2023/07/26 14:41:27 [info] 2752233#2752233: *7 client 127.0.0.1 closed keepalive connection



^C2023/07/26 14:42:13 [notice] 2751287#2751287: signal 2 (SIGINT) received, exiting
2023/07/26 14:42:13 [notice] 2752233#2752233: signal 2 (SIGINT) received, exiting
2023/07/26 14:42:13 [notice] 2752233#2752233: exiting
2023/07/26 14:42:13 [notice] 2752233#2752233: exit
2023/07/26 14:42:13 [notice] 2751287#2751287: signal 17 (SIGCHLD) received from 2752233
2023/07/26 14:42:13 [notice] 2751287#2751287: worker process 2752233 exited with code 0
2023/07/26 14:42:13 [notice] 2751287#2751287: exit

curl terminal

term2 ~# curl "http://127.0.0.1:8200/sub?last_event_id=1:"
^C⏎
term2 ~ [SIGINT]# curl "http://127.0.0.1:8200/sub?last_event_id=1:"
^C⏎
term2 ~ [SIGINT]# curl "http://127.0.0.1:8200/sub?last_event_id=1:"
curl: (52) Empty reply from server
term2 ~ [52]#

stub_status info

term3 ~# # After nginx startup 
term3 ~# curl http://127.0.0.1:8200/nchan_stub_status
total published messages: 0
stored messages: 0
shared memory used: 16K
shared memory limit: 131072K
channels: 0
subscribers: 0
redis pending commands: 0
redis connected servers: 0
redis unhealthy upstreams: 0
total redis commands sent: 0
total interprocess alerts received: 0
interprocess alerts in transit: 0
interprocess queued alerts: 0
total interprocess send delay: 0
total interprocess receive delay: 0
nchan version: 1.3.6
term3 ~#
term3 ~# # Subscribe using curl
term3 ~# curl http://127.0.0.1:8200/nchan_stub_status
total published messages: 0
stored messages: 0
shared memory used: 20K
shared memory limit: 131072K
channels: 1
subscribers: 1
redis pending commands: 0
redis connected servers: 0
redis unhealthy upstreams: 0
total redis commands sent: 0
total interprocess alerts received: 0
interprocess alerts in transit: 0
interprocess queued alerts: 0
total interprocess send delay: 0
total interprocess receive delay: 0
nchan version: 1.3.6
term3 ~#
term3 ~#
term3 ~# # Interrupt curl subscription with ctrl+c
term3 ~# curl http://127.0.0.1:8200/nchan_stub_status
total published messages: 0
stored messages: 0
shared memory used: 20K
shared memory limit: 131072K
channels: 1
subscribers: 1
redis pending commands: 0
redis connected servers: 0
redis unhealthy upstreams: 0
total redis commands sent: 0
total interprocess alerts received: 0
interprocess alerts in transit: 0
interprocess queued alerts: 0
total interprocess send delay: 0
total interprocess receive delay: 0
nchan version: 1.3.6
term3 ~#
term3 ~# # After using curl subscription for the third time
term3 ~# curl http://127.0.0.1:8200/nchan_stub_status
total published messages: 0
stored messages: 0
shared memory used: 20K
shared memory limit: 131072K
channels: 0
subscribers: 0
redis pending commands: 0
redis connected servers: 0
redis unhealthy upstreams: 0
total redis commands sent: 0
total interprocess alerts received: 0
interprocess alerts in transit: 0
interprocess queued alerts: 0
total interprocess send delay: 0
total interprocess receive delay: 0
nchan version: 1.3.6
term3 ~#

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants