[Pkg-nginx-maintainers] Bug#972942: fancyindex: low performance on sorting files
Wang Shanker
shankerwangmiao at gmail.com
Mon Oct 26 13:17:50 GMT 2020
Package: libnginx-mod-http-fancyindex
Version: 1.14.2-2+deb10u3
Severity: normal
Tags: patch,fixed-upstream
Control: found -1 1.10.1-2
Dear maintainer,
Since fancyindex 0.4.1, the sorting algorithm has been changed to insertion
sort in commit 2fa65b0, which leads to severe performance degradation,
especially in those directories that contain large number of files. To make it
worse, the event loop of a working process is blocked by the sorting procedure,
resulting in a potential DoS attack surface.
The patch https://github.com/aperezdc/ngx-fancyindex/pull/112 fixes this issue
by changing it back to quick sort, and has been accepted by the upstream. I
wonder if it can be applied to unstable and also backported to stable-pu since
most users are using stable in their production environment?
Cheers,
Miao Wang
More information about the Pkg-nginx-maintainers
mailing list