CVE-2022-41556: [core] release connections in CLOSE_WAIT & CON_STATE_READ_POST state by gmd20 · Pull Request #115 · lighttpd/lighttpd1.4

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.


Many CLOSE_WAIT connections are seen on a live system, and these connections will never be closed.

Please describe your issue with (much) more detail. Your proposed “solution” is not valid. Both proposed changes are wrong.

Hi gstrauss, this is another issue found on CentOS-8 with lighttpd-1.14.66.

  1. I found there were more and more CLOSE-WAIT connections, and these connections
    were never closed. Finally, the number of connections exceeds the
    “server.max-connections = 1024” limit, and lighttpd ran out of connections.

    / # ss -napt | grep lighttpd

  2. I verified that there is no active traffic on these CLOSE-WAIT connections (using tcpdump and strace).

  3. I added the following debug log, and it printed "state CON_STATE_READ_POST".

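    static void connection_check_timeout (connection * const con, const unix_time64_t cur_ts) {
        /* ... existing function body; r is the request associated with con ... */

        /* debug only: report connections whose last read activity is more than
         * an hour old; logs only during the first 9 calls of this function */
        static unsigned int xxx = 0;
        xxx++;
        if (xxx < 10 && cur_ts - con->read_idle_ts > 3600) {
            log_error(r->conf.errh, __FILE__, __LINE__,
                      "connection not closed : fd %d, state %d",
                      con->fd, (int)r->state);
        }

        /* ... */
    }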

  4. In my environment, long-lived connections are unexpected, and this patch did solve the problem.
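
A monitoring check for the symptom reported above, as an added example that is not part of the pull request or of lighttpd: it reads `ss -napt` output, counts CLOSE-WAIT sockets owned by one process, groups them by peer, and alerts when they occupy a chosen share of `server.max-connections`. The function names, the percentage threshold and the sample lines (constructed, using documentation address ranges) are assumptions.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ss -napt`
# (State Recv-Q Send-Q Local Peer Process); not taken from a real host.
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
LISTEN     0      512    0.0.0.0:80          0.0.0.0:*           users:(("lighttpd",pid=4242,fd=14))
CLOSE-WAIT 0      0      192.0.2.10:80       198.51.100.7:48459  users:(("lighttpd",pid=4242,fd=198))
CLOSE-WAIT 0      0      192.0.2.10:80       198.51.100.7:48634  users:(("lighttpd",pid=4242,fd=220))
CLOSE-WAIT 0      0      192.0.2.10:80       198.51.100.7:39064  users:(("lighttpd",pid=4242,fd=250))
CLOSE-WAIT 0      0      192.0.2.10:443      203.0.113.9:39274   users:(("lighttpd",pid=4242,fd=309))
CLOSE-WAIT 0      0      192.0.2.10:80       203.0.113.9:43918   users:(("lighttpd",pid=4242,fd=182))
ESTAB      0      0      192.0.2.10:80       203.0.113.20:41136  users:(("lighttpd",pid=4242,fd=200))
CLOSE-WAIT 0      0      192.0.2.10:22       203.0.113.20:50022  users:(("sshd",pid=900,fd=4))
EOF
}

# Count CLOSE-WAIT sockets owned by process $1.
# usage: ss -napt | close_wait_count lighttpd
close_wait_count() {
    # match the quoted process name as it appears in users:(("name",pid=...))
    awk -v proc="\"$1\"" '
        $1 == "CLOSE-WAIT" && index($0, proc) { n++ }
        END { print n + 0 }'
}

# Print "<count> <peer address>" for process $1, busiest peer first.
# A few peers holding most of the stuck sockets points at specific clients
# (or a proxy) whose half-closed connections are not being released.
close_wait_by_peer() {
    awk -v proc="\"$1\"" '
        $1 == "CLOSE-WAIT" && index($0, proc) {
            peer = $5
            sub(/:[0-9]+$/, "", peer)      # drop the port, keep the address
            c[peer]++
        }
        END { for (p in c) print c[p], p }' | sort -k1,1nr -k2,2
}

# Return 1 when CLOSE-WAIT sockets of process $1 occupy at least $3 percent
# of the connection limit $2 (lighttpd: server.max-connections).
# usage: ss -napt | check_slots lighttpd 1024 50
check_slots() {
    cw_n=$(close_wait_count "$1")
    cw_limit=$(( $2 * $3 / 100 ))
    if [ "$cw_n" -ge "$cw_limit" ]; then
        echo "ALERT: $1 holds $cw_n CLOSE-WAIT sockets (threshold $cw_limit of $2 slots)"
        return 1
    fi
    echo "OK: $1 holds $cw_n CLOSE-WAIT sockets (threshold $cw_limit of $2 slots)"
}

# Demo on the constructed sample, with a small limit so the alert fires.
sample_ss | close_wait_by_peer lighttpd
sample_ss | check_slots lighttpd 8 50 || true
```

Run periodically against live `ss -napt` output, a CLOSE-WAIT count that only grows between runs is the pattern described in the report; a count that rises and falls is normal connection teardown.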

Related news

Ubuntu Security Notice USN-5903-1

Ubuntu Security Notice 5903-1 - It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service.
