Project

General

Profile

Bug #2876

segfault with fastcgi app

Added by arekm 4 months ago. Updated 4 months ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2018-03-15
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

1.4.45 works fine
1.4.49 and some earlier version segfaults

Using lighttpd with fastcgi app

end of strace

[pid  5341] close(8)                    = 0
[pid  5341] write(6, "2018-03-15 19:45:15: (server.c.1423) server started (lighttpd/1.4.49 (PLD Linux)) \n", 83) = 83
[pid  5341] stat("/usr/sbin/rt-server.fcgi", {st_mode=S_IFREG|0755, st_size=5449, ...}) = 0
[pid  5341] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5335] <... read resumed> "", 1)   = 0
[pid  5341] +++ killed by SIGSEGV +++
close(6)                                = 0
write(2, "daemonized server failed to start; check error log for details\n", 63daemonized server failed to start; check error log for details
) = 63
exit_group(-1)                          = ?
+++ exited with 255 +++
lighttpd-gdb.txt (5.41 KB) lighttpd-gdb.txt arekm, 2018-03-15 18:44
lighttpd-valgrind.txt (13.4 KB) lighttpd-valgrind.txt arekm, 2018-03-15 18:44

Associated revisions

Revision e21906b3 (diff)
Added by gstrauss 4 months ago

[core] fix crash if 'host' empty in config (fixes #2876)

x-ref:
"segfault with fastcgi app"
https://redmine.lighttpd.net/issues/2876

History

#1

Updated by gstrauss 4 months ago

  • Category set to core
  • Target version changed from 1.4.x to 1.4.50

Thank you for the info. It's clear that the error is a NULL pointer dereference, since 'host' has not been set in the fastcgi.server definition. Would you please share the fastcgi.server config from your lighttpd config?

#2

Updated by gstrauss 4 months ago

If 'host' is not specified, what behavior are you expecting? Listen on "localhost" 127.0.0.1? Listen on "::1" Listen on "0.0.0.0"? Listen on "::" ? other?

#3

Updated by gstrauss 4 months ago

A quick look at commit 18363092 looks like localhost 127.0.0.1 was the default if 'host' was not provided.

#4

Updated by gstrauss 4 months ago

  • Status changed from New to Patch Pending

Workaround is to set "host" => "localhost" in the fastcgi.server config (or "host" => "127.0.0.1")

Next release of lighttpd will have this:

--- a/src/gw_backend.c
+++ b/src/gw_backend.c
@@ -1399,8 +1399,12 @@ int gw_set_defaults_backend(server *srv, gw_plugin_data *p, data_unset *du, size
                     host->port = 80;
                 }

-                host->family = (!buffer_string_is_empty(host->host)
-                                && NULL != strchr(host->host->ptr, ':'))
+                if (buffer_string_is_empty(host->host)) {
+                    buffer_copy_string_len(host->host,
+                                           CONST_STR_LEN("127.0.0.1"));
+                }
+
+                host->family = (NULL != strchr(host->host->ptr, ':'))
                   ? AF_INET6
                   : AF_INET;
             }

#5

Updated by arekm 4 months ago

Indeed, no host.

            fastcgi.server = (
                "/" => (
                    "rt" => (
                        "port"        => "9000",
                        "bin-path"    => "/usr/sbin/rt-server.fcgi",
                        "check-local" => "disable",
                        "disable-time" => 0,
                        "min-procs" => 2,
                        "max-procs" => 20,
                        "fix-root-scriptname" => "enable",
                    )
                )
            )
        }

Adding host like that:

            fastcgi.server = (
                "/" => (
                    "rt" => (
                        "host"        => "127.0.0.1",
                        "port"        => "9000",
                        "bin-path"    => "/usr/sbin/rt-server.fcgi",
                        "check-local" => "disable",
                        "disable-time" => 0,
                        "min-procs" => 2,
                        "max-procs" => 20,
                        "fix-root-scriptname" => "enable",
                    )
                )
            )
        }

doesn't seem to fix it, still segfaults. valgrind/gdb info in 1-2 days, can't play with it at this moment.

#6

Updated by gstrauss 4 months ago

Taking the examples you gave, I can reproduce the crash.
If I add "host" => "127.0.0.1", the crash no longer occurs.
If I use the patch I provided above, the crash no longer occurs.

Please check that you have updated the config, are using that config, have restarted lighttpd, and are hitting that instance of lighttpd with your test request.

#7

Updated by gstrauss 4 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
#8

Updated by arekm 4 months ago

Patch fixes it for me.

Had one more fastcgi section (without host) which caused segfault.

Also available in: Atom