Overview
A buffer overflow occurs that cuts off the closing </header>
tag mid-way, resulting in the page loosing any semblance of useful rendering.
Cause: Undetermined
The buffer overflow is caused by a yet undetermined factor involving the environment the module is built on and/or a bug within the code that I have been unable to locate.
Affected Versions
To the best of my knowledge, this affects all alpha and beta releases thus far, which would include: 1.0.0-[beta|alpha][0-9]
.
Scenarios
The Broken Environment
I maintain an Nginx PPA on Launchpad for Scribe Inc that includes mainline builds of Nginx. These builds utilize Thomas Ward's packages on the official Nginx Development PPA.
The Scribe Nginx PPA builds directly off the amazing work of the previously referenced Thomas Ward builds. The only substantial deviation from the official mainline PPA releases are the removal and addition of specific modules that are used at Scribe.
Currently, when this module is included in a build of Nginx prepared for a PPA-automated build environment and compiled either locally using SimpleSbuild or via an official Launchpad builder agent, this error arises.
I am provided both a link to an an active instance of Nginx running the broken build (http://45.55.156.174/status) as well as a screen-shot of the unexpected output:
Additionally, you can view a capture of the broken HTML.
The Working Environment
When the module is compiled into a clean Nginx source-tree locally, via the Rake-based task manager provided, and tested against the (admittedly simplistic) RSpec assertions, the module performs as expected.
Note: See the Compiling and Testing section of our RTD documentation for information about how the Ruby/Rake/RSpec/Bash tool-chain is implemented.
If you aren't interested in installing the Ruby requirements and dependencies, you can perform the entire operation in a few simple steps to achieve the same configured and compiled state as you would when using the automated tool-chain:
Compile Manually (Alternative to Rake)
1. Define the Nginx version you'd like to download, as well as any compiler arguments you'd like to pass. Note that changing the O
flag from 0 to 3 did not produce any unexpected behavior for me; I do not believe it is related to any compiler optimizations.
$ NGX_VERSION=1.7.10
$ CFLAGS="-g -O3"
2. Clone the repository and enter the directory. Create the required folder structure within the repository root folder to place the Nginx source code, as well as its compiled binaries and installation assets.
$ git clone https://github.com/scribenet/nginx-servats-module.git
$ cd nginx-servats-module && \
mkdir build && \
mkdir vendor && \
cd vendor
3. Download the Nginx source, patch it, configure it, and perform the compilation and install.
$ curl -s -L -O http://nginx.org/download/nginx-${NGX_VERSION}.tar.gz
$ tar --strip-components=1 -zxf nginx-${NGX_VERSION}.tar.gz
$ patch -p1 < ../patches/http_servats_nginx_${NGX_VERSION}.patch
$ ./configure \
--prefix=$(pwd)/../build/ \
--conf-path=conf/nginx.conf \
--error-log-path=logs/error.log \
--http-log-path=logs/access.log \
--add-module=../module/
$ make install
4. Either edit the configuration file yourself, manually (at *build/config/nginx.conf
) or simply copy over the configuration included in the repository for automated testing. After doing so, start up Nginx!*
$ cp ../scripts/fixtures/nginx.conf ../build/conf/nginx.conf
$ ../build/sbin/nginx
5. If you used the configuration file provided, you should now be able to navigate to *http://http://localhost:8888/servats
to view the status page.*
You can see the results of such a successful build, showing the intended behavior via the provided link (http://104.236.117.189/status) as well as the following screen-shot:
Thoughts/Comments
Any thoughts/comments would be more than welcome. The function that adds the <header> [...] </header>
data to the chain can be found at the following URL.
/scribenet/nginx-servats-module/[...]/ngx_http_servats_module.c#L527