Fix segfault in mod_scgi (fixes #1911)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2404 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.22
Stefan Bühler 14 years ago
parent 950fbe58bd
commit a7ecb6b93a

@ -9,6 +9,7 @@ NEWS
* Handle EINTR in mod_rrdtool (fixes #604)
* Fix rrd error after graceful restart (fixes #419)
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
* Fix segfault in mod_scgi (fixes #1911)
- 1.4.21 - 2009-02-16

@ -1814,6 +1814,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
int header_end = 0;
int cp, eol = EOL_UNSET;
size_t used = 0;
size_t hlen = 0;
buffer_append_string_buffer(hctx->response_header, hctx->response);
@ -1836,6 +1837,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
if (*(c+1) == '\n') {
header_end = 1;
hlen = cp + 2;
break;
}
@ -1854,6 +1856,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
*(c+2) == '\r' &&
*(c+3) == '\n') {
header_end = 1;
hlen = cp + 4;
break;
}
@ -1875,12 +1878,11 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
http_chunk_append_mem(srv, con, hctx->response_header->ptr, hctx->response_header->used);
joblist_append(srv, con);
} else {
size_t hlen = c - hctx->response_header->ptr + (eol == EOL_RN ? 4 : 2);
size_t blen = hctx->response_header->used - hlen - 1;
/* a small hack: terminate after at the second \r */
hctx->response_header->used = hlen + 1 - (eol == EOL_RN ? 2 : 1);
hctx->response_header->ptr[hlen - (eol == EOL_RN ? 2 : 1)] = '\0';
hctx->response_header->used = hlen;
hctx->response_header->ptr[hlen - 1] = '\0';
/* parse the response header */
scgi_response_parse(srv, con, p, hctx->response_header, eol);
@ -1892,7 +1894,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
}
if ((hctx->response->used != hlen) && blen > 0) {
http_chunk_append_mem(srv, con, c + (eol == EOL_RN ? 4: 2), blen + 1);
http_chunk_append_mem(srv, con, hctx->response_header->ptr + hlen, blen + 1);
joblist_append(srv, con);
}
}
@ -2570,13 +2572,13 @@ static handler_t scgi_handle_fdevent(void *s, void *ctx, int revents) {
con->mode = DIRECT;
} else {
/* response might have been already started, kill the connection */
scgi_connection_cleanup(srv, hctx);
log_error_write(srv, __FILE__, __LINE__, "ssdsd",
"response already sent out, termination connection",
"connection-fd:", con->fd,
"fcgi-fd:", hctx->fd);
scgi_connection_cleanup(srv, hctx);
connection_set_state(srv, con, CON_STATE_ERROR);
}

Loading…
Cancel
Save