
[mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)

If a new fastcgi packet is expected, but the currently available
  data doesn't fill the header and debug is active an invalid
  read is triggered.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2939 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.35
Stefan Bühler 8 years ago
parent
commit
fc3a060a04
  1. 2
      NEWS
  2. 5
      src/mod_fastcgi.c

2
NEWS

@ -5,7 +5,7 @@ NEWS
- 1.4.35
* [network/ssl] fix build error if TLSEXT is disabled
* [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
- 1.4.34
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)

5
src/mod_fastcgi.c

@ -2420,11 +2420,12 @@ static int fastcgi_get_packet(server *srv, handler_ctx *hctx, fastcgi_response_p
if ((packet->b->used == 0) ||
(packet->b->used - 1 < sizeof(FCGI_Header))) {
/* no header */
buffer_free(packet->b);
if (hctx->plugin_data->conf.debug) {
log_error_write(srv, __FILE__, __LINE__, "sdsds", "FastCGI: header too small:", packet->b->used, "bytes <", sizeof(FCGI_Header), "bytes, waiting for more data");
}
buffer_free(packet->b);
return -1;
}
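
Review bot: On the header-too-small path, packet->b still holds the freed pointer after the buffer_free(packet->b) that now follows the debug block, and the function returns -1 without clearing it. Moving the free below the log_error_write call that reads packet->b->used is the right order, but consider adding packet->b = NULL; directly after the free so that any later access through the packet fails immediately instead of reading freed memory. A one-line comment noting that the log call must stay ahead of the free would also keep the ordering from being reversed again.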
