
[core] fix reqpool mem corruption in 1.4.62 (fixes #3118)

x-ref:
  "Segfault after updating to version 1.4.62"
  https://redmine.lighttpd.net/issues/3118
  "Segfault on closing connections"
  https://redmine.lighttpd.net/issues/3119
master
Glenn Strauss 6 months ago
parent
commit
ef9608f307
  1. 2
      src/configfile-glue.c
  2. 2
      src/h2.c
  3. 5
      src/reqpool.c
  4. 1
      src/request.h

2
src/configfile-glue.c

@ -692,7 +692,7 @@ static int config_pcre_match(request_st * const r, const data_config * const dc,
r->cond_match[capture_offset] = r->cond_match_data + capture_offset;
if (__builtin_expect( (NULL == cond_match->matches), 0)) {
/*(allocate on demand)*/
cond_match->matches = malloc(dc->ovec_nelts * sizeof(int *));
cond_match->matches = malloc(dc->ovec_nelts * sizeof(int));
force_assert(cond_match->matches);
}
cond_match->comp_value = b; /*holds pointer to b (!) for pattern subst*/
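Review bot: The element size in the on-demand `malloc` for `cond_match->matches` is spelled as a type name in both printed variants (`sizeof(int *)` and `sizeof(int)`), so it can drift from the declared element type of `matches` again; that declaration is not visible in this section. Tying the size to the pointer removes that mismatch class: `cond_match->matches = malloc(dc->ovec_nelts * sizeof(*cond_match->matches));`. The `memcpy` length in `h2_init_stream` (src/h2.c) has the same pattern and could use `sizeof(*r->cond_match)`. The product `dc->ovec_nelts * sizeof(...)` is also unchecked; the type and range of `ovec_nelts` are not shown here, so a short comment stating its upper bound would help. `config_pcre_match` starts and ends outside the hunk.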

2
src/h2.c

@ -2573,7 +2573,7 @@ h2_init_stream (request_st * const h2r, connection * const con)
#ifdef HAVE_PCRE
if (srv->config_captures)
memcpy(r->cond_match, h2r->cond_match,
srv->config_captures * sizeof(cond_match_t));
srv->config_captures * sizeof(cond_match_t *));
#endif
/*(see request_config_reset() and request_reset_ex())*/
r->server_name = h2r->server_name;
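Review bot: The `memcpy` into `r->cond_match` still takes its element count from `srv->config_captures`, while this commit starts recording the allocated count on the request itself as `r->cond_captures` (src/reqpool.c). If the two can ever differ for a request, the copy would not match the destination allocation; whether they can differ is not visible from this hunk. Either bound the copy by the destination's own count or add a comment stating why they are always equal here. Since only pointers are copied, the stream's `cond_match` entries presumably alias the parent request's match data, and that lifetime dependency deserves a comment such as `/*(stream shares h2r match data; must not outlive h2r)*/`. `h2_init_stream` continues outside the hunk.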

5
src/reqpool.c

@ -66,7 +66,8 @@ request_init_data (request_st * const r, connection * const con, server * const
force_assert(NULL != r->cond_cache);
#ifdef HAVE_PCRE
if (srv->config_captures) {/*(save 128b per con if no regex conditions)*/
if (srv->config_captures) {
r->cond_captures = srv->config_captures;
r->cond_match = calloc(srv->config_captures, sizeof(cond_match_t *));
force_assert(NULL != r->cond_match);
r->cond_match_data = calloc(srv->config_captures, sizeof(cond_match_t));
@ -232,7 +233,7 @@ request_free_data (request_st * const r)
free(r->cond_cache);
#ifdef HAVE_PCRE
if (r->cond_match_data) {
for (int i = 0, used = r->con->srv->config_captures; i < used; ++i) {
for (int i = 0, used = r->cond_captures; i < used; ++i) {
#ifdef HAVE_PCRE2_H
if (r->cond_match_data[i].match_data)
pcre2_match_data_free(r->cond_match_data[i].match_data);
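Review bot: The free loop in `request_free_data` now trusts `r->cond_captures` to equal the number of elements allocated for `r->cond_match_data`, but nothing visible states or enforces that invariant. If any reset path zeroes the field while `cond_match_data` stays allocated, the loop would skip entries and leak their `match_data`; whether such a path exists cannot be told from this hunk. I would document the coupling where the field is set in `request_init_data`, e.g. `r->cond_captures = srv->config_captures; /*(elt count of cond_match, cond_match_data; keep until freed)*/`. The explanatory comment on the `if (srv->config_captures)` line appears once with and once without `/*(save 128b per con if no regex conditions)*/`, so if the new side drops it, it is worth keeping. Both functions extend beyond the hunks shown.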

1
src/request.h

@ -194,6 +194,7 @@ struct request_st {
struct chunkqueue reqbody_queue; /*(might use tempfiles)*/
struct stat_cache_entry *tmp_sce; /*(value valid only in sequential code)*/
int cond_captures;
};
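Review bot: The `cond_captures` member in `struct request_st` has no comment, unlike the two members printed above it, and it sits at the end of the struct, away from the `cond_match` members it describes. A one-line note would record what it counts: `int cond_captures; /*(num elts allocated in cond_match and cond_match_data)*/`. If the placement at the end is deliberate, for example to keep existing member offsets unchanged, saying so in the comment would stop a later cleanup from moving it. The value is used as a `calloc` element count and a loop bound in src/reqpool.c, so the comment could also note that it is never negative.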
