Re: trouble with set_escape_uri directive in nginx 1.8.0

2015-08-24 Thread Maxim Dounin
Hello!

On Fri, Aug 21, 2015 at 07:07:22PM +0530, gaurav gupta wrote:

> Hello Folks,
> 
> We are setting up a new server (from a VM image) and it works absolutely
> fine with nginx 1.6. When we upgrade to the latest stable version (1.8.0), nginx
> fails to start with the following error:
> 
> nginx: [emerg] unknown directive "set_escape_uri" in
> /etc/nginx/xyx_company.conf:8
> nginx: configuration file /etc/nginx/nginx.conf test failed
> 
> 
> We upgraded nginx version to 1.9.3 and nginx is starting perfectly fine. So
> before moving with 1.9.3, just wanted to check if it's a known issue with
> 1.8.0 or we might be missing something. Please let me know if I can share
> some more information to help us.

In nginx there is no "set_escape_uri" directive.  You are probably 
using some 3rd party module for it (set misc?), so check if your 
new nginx build includes the module you are using.

-- 
Maxim Dounin
http://nginx.org/

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel


Re: ngx_execute_proc

2015-08-24 Thread Tolga Ceylan
On Sun, Aug 23, 2015 at 11:38 AM, Ricardo Iramar dos Santos wrote:
> Hi Tolga, thanks a lot for your reply! :)
>
> Searching on the source code I found that ngx_execute_proc() has been
> declared and invoked inside src/os/unix/ngx_process.c.
>
> ricardo@matrix:~/Documents/nginx-1.9.3$ grep -ri ngx_execute_proc *
> Binary file objs/src/os/unix/ngx_process.o matches
> Binary file objs/nginx matches
> src/os/unix/ngx_process.c:static void ngx_execute_proc(ngx_cycle_t
> *cycle, void *data);
> src/os/unix/ngx_process.c:return ngx_spawn_process(cycle,
> ngx_execute_proc, ctx, ctx->name,
> src/os/unix/ngx_process.c:ngx_execute_proc(ngx_cycle_t *cycle, void *data)
>
> The function ngx_execute_proc() is really small, take a look:
>
> static void
> ngx_execute_proc(ngx_cycle_t *cycle, void *data)
> {
>     ngx_exec_ctx_t  *ctx = data;
>
>     if (execve(ctx->path, ctx->argv, ctx->envp) == -1) {
>         ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
>                       "execve() failed while executing %s \"%s\"",
>                       ctx->name, ctx->path);
>     }
>
>     exit(1);
> }
>
> And this is the function where maybe ngx_execute_proc() is invoked.
>
> ngx_pid_t
> ngx_execute(ngx_cycle_t *cycle, ngx_exec_ctx_t *ctx)
> {
>     return ngx_spawn_process(cycle, ngx_execute_proc, ctx, ctx->name,
>                              NGX_PROCESS_DETACHED);
> }
>
> I don't yet get where in the code the upgrading process touches the
> functions above.
> I didn't find ngx_exec_new_binary() (/src/core/nginx.c) invoking
> ngx_execute_proc() directly.
> I'm trying to find "command injection" vulnerabilities so I need to
> trace the parameters "ctx->path, ctx->argv and ctx->envp" and where
> the users input some data into them.
>
> Thanks!
> Ricardo Iramar
>

Hi Ricardo,

In nginx.c, ngx_exec_new_binary() calls ngx_execute(), which calls
ngx_spawn_process() with "ngx_execute_proc" function pointer.

This is all triggered via the "new binary" signal. The signal handler will
set "ngx_change_binary". ngx_master_process_cycle()
checks if ngx_change_binary is set and calls ngx_exec_new_binary().

Hope this helps,
Tolga

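The call chain described in the reply above, reduced to a stand-alone C sketch for anyone auditing which values reach execve(). This is an added example, not nginx source: all names are hypothetical stand-ins for the nginx functions named in the thread, SIGUSR2 is assumed as the "new binary" signal, and /bin/sh is assumed to exist.

```c
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for ngx_exec_ctx_t: everything execve() will receive. */
typedef struct { const char *path; char *const *argv; char *const *envp; } exec_ctx_t;
typedef void (*spawn_proc_pt)(void *data);

static volatile sig_atomic_t change_binary;   /* plays ngx_change_binary */
static void on_signal(int signo) { (void) signo; change_binary = 1; }

/* Plays ngx_execute_proc(): runs only in the forked child. */
static void execute_proc(void *data)
{
    exec_ctx_t *ctx = data;
    execve(ctx->path, ctx->argv, ctx->envp);
    _exit(1);                                 /* reached only if execve() failed */
}

/* Plays ngx_spawn_process(): fork, then run the callback in the child. */
static pid_t spawn_process(spawn_proc_pt proc, void *data)
{
    pid_t pid = fork();
    if (pid == 0) { proc(data); _exit(1); }
    return pid;
}

/* One pass of the master loop; -1 means no signal was pending. */
static int master_cycle_once(exec_ctx_t *ctx)
{
    int status;
    if (!change_binary) return -1;
    change_binary = 0;
    /* plays ngx_exec_new_binary() -> ngx_execute() */
    pid_t pid = spawn_process(execute_proc, ctx);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -2;
}

/* Constructed demo: the "new binary" is /bin/sh exiting with status 7. */
int demo(void)
{
    static char *const argv[] = { "sh", "-c", "exit 7", NULL };
    static char *const envp[] = { NULL };
    exec_ctx_t ctx = { "/bin/sh", argv, envp };
    signal(SIGUSR2, on_signal);
    if (master_cycle_once(&ctx) != -1) return -100;  /* no signal yet: nothing runs */
    raise(SIGUSR2);
    return master_cycle_once(&ctx);           /* exit status of the exec'd child */
}
```

The signal handler only sets a flag; the path, argv and envp handed to execve() are whatever the master placed in the context before spawning, so that construction site is the place to review.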