limit CNAME recursion
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 47e43ab..a5b8efb 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -435,10 +435,29 @@
/* NGX_RESOLVE_CNAME */
- ctx->name.len = rn->cnlen;
- ctx->name.data = rn->u.cname;
+ if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) {
- return ngx_resolve_name_locked(r, ctx);
+ ctx->name.len = rn->cnlen;
+ ctx->name.data = rn->u.cname;
+
+ return ngx_resolve_name_locked(r, ctx);
+ }
+
+ ctx->next = rn->waiting;
+ rn->waiting = NULL;
+
+ /* unlock name mutex */
+
+ do {
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
+ next = ctx->next;
+
+ ctx->handler(ctx);
+
+ ctx = next;
+ } while (ctx);
+
+ return NGX_OK;
}
if (rn->waiting) {
diff --git a/src/core/ngx_resolver.h b/src/core/ngx_resolver.h
index 0086d6a..6c4afac 100644
--- a/src/core/ngx_resolver.h
+++ b/src/core/ngx_resolver.h
@@ -29,6 +29,8 @@
#define NGX_NO_RESOLVER (void *) -1
+#define NGX_RESOLVER_MAX_RECURSION 50
+
typedef struct {
ngx_connection_t *connection;
@@ -128,6 +130,7 @@
ngx_msec_t timeout;
ngx_uint_t quick; /* unsigned quick:1; */
+ ngx_uint_t recursion;
ngx_event_t *event;
};