Project

General

Profile

Bug #2760

potential tempfile corruption when streaming response

Added by gstrauss 12 months ago. Updated 12 months ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2016-10-29
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

When streaming response (not the default in lighttpd 1.4.40 - 1.4.43), it is possible to partially send a tempfile to client which is then subsequently updated with more data from backend. However, the position in the file was not updated, so this could result in corruption of the response.

Further discussion in https://redmine.lighttpd.net/boards/3/topics/6884

Associated revisions

Revision 23503883 (diff)
Added by gstrauss 12 months ago

[core] fix potential streaming tempfile corruption (fixes #2760)

set O_APPEND after mkstemp() in chunk.c (mkostemp() is not as portable)
(also set FD_CLOEXEC to avoid potentially leaking open tempfiles to CGI)

(thx dieter.ro for helping track this down)

x-ref:
https://redmine.lighttpd.net/boards/3/topics/6884
"potential tempfile corruption when streaming response"
https://redmine.lighttpd.net/issues/2760

History

#1 Updated by gstrauss 12 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom