lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Fix segfault in mod_scgi (fixes #1911) 

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2404 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.22
Stefan Bühler 13 years ago
parent
950fbe58bd
commit
a7ecb6b93a
2 changed files with 9 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      NEWS
  2. 14
      src/mod_scgi.c

1
NEWS
Unescape View File

@ -9,6 +9,7 @@ NEWS
* Handle EINTR in mod_rrdtool (fixes #604)
* Fix rrd error after graceful restart (fixes #419)
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
* Fix segfault in mod_scgi (fixes #1911)
- 1.4.21 - 2009-02-16

14
src/mod_scgi.c
Unescape View File

@ -1814,6 +1814,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
int header_end = 0;
int cp, eol = EOL_UNSET;
size_t used = 0;
size_t hlen = 0;
buffer_append_string_buffer(hctx->response_header, hctx->response);
@ -1836,6 +1837,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
if (*(c+1) == '\n') {
header_end = 1;
hlen = cp + 2;
break;
}
@ -1854,6 +1856,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
*(c+2) == '\r' &&
*(c+3) == '\n') {
header_end = 1;
hlen = cp + 4;
break;
}
@ -1875,12 +1878,11 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
http_chunk_append_mem(srv, con, hctx->response_header->ptr, hctx->response_header->used);
joblist_append(srv, con);
} else {
size_t hlen = c - hctx->response_header->ptr + (eol == EOL_RN ? 4 : 2);
size_t blen = hctx->response_header->used - hlen - 1;
/* a small hack: terminate after at the second \r */
hctx->response_header->used = hlen + 1 - (eol == EOL_RN ? 2 : 1);
hctx->response_header->ptr[hlen - (eol == EOL_RN ? 2 : 1)] = '\0';
hctx->response_header->used = hlen;
hctx->response_header->ptr[hlen - 1] = '\0';
/* parse the response header */
scgi_response_parse(srv, con, p, hctx->response_header, eol);
@ -1892,7 +1894,7 @@ static int scgi_demux_response(server *srv, handler_ctx *hctx) {
}
if ((hctx->response->used != hlen) && blen > 0) {
http_chunk_append_mem(srv, con, c + (eol == EOL_RN ? 4: 2), blen + 1);
http_chunk_append_mem(srv, con, hctx->response_header->ptr + hlen, blen + 1);
joblist_append(srv, con);
}
}
@ -2570,13 +2572,13 @@ static handler_t scgi_handle_fdevent(void *s, void *ctx, int revents) {
con->mode = DIRECT;
} else {
/* response might have been already started, kill the connection */
scgi_connection_cleanup(srv, hctx);
log_error_write(srv, __FILE__, __LINE__, "ssdsd",
"response already sent out, termination connection",
"connection-fd:", con->fd,
"fcgi-fd:", hctx->fd);
scgi_connection_cleanup(srv, hctx);
connection_set_state(srv, con, CON_STATE_ERROR);
}

Write Preview
Loading…
Cancel
Save