[mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)

If a new fastcgi packet is expected, but the currently available data doesn't fill the header and debug is active an invalid read is triggerd. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2939 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago · fc3a060a04
parent b8a1835093
commit fc3a060a04
2 changed files with 4 additions and 3 deletions
--- a/2
+++ b/2
@ -5,7 +5,7 @@ NEWS

 - 1.4.35
  * [network/ssl] fix build error if TLSEXT is disabled
-
+  * [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)

 - 1.4.34
  * [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@ -2420,11 +2420,12 @@ static int fastcgi_get_packet(server *srv, handler_ctx *hctx, fastcgi_response_p
 	if ((packet->b->used == 0) ||
 	    (packet->b->used - 1 < sizeof(FCGI_Header))) {
 		/* no header */
-		buffer_free(packet->b);
-
 		if (hctx->plugin_data->conf.debug) {
 			log_error_write(srv, __FILE__, __LINE__, "sdsds", "FastCGI: header too small:", packet->b->used, "bytes <", sizeof(FCGI_Header), "bytes, waiting for more data");
 		}
+
+		buffer_free(packet->b);
+
 		return -1;
 	}