Bug #120

closed

segfault when using mod_secdownload if document not found (with quick fix)

Added by Anonymous about 17 years ago. Updated almost 15 years ago.

Status: Fixed
Priority: Normal
Category: mod_secdownload
Target version: -
Description

Requesting a document through the mod_secdownload mechanism causes a segfault if that document doesn't exist but the URL is otherwise fine according to mod_secdownload.

This might not be limited to mod_secdownload since the segfault happens in response.c.

If the file is not found, rel_path is not set, but http_response_prepare looks at rel_path->ptr[0] without checking for an empty buffer.

A quick fix is to add a check to http_response_prepare in response.c around line 1092:


/* not found, perhaps PATHINFO */

if (con->physical.rel_path->used && /* <<< ADD THIS CHECK <<< */
    con->physical.rel_path->ptr[0] == '/') {
    buffer_copy_string_len(srv->tmp_buf, con->physical.rel_path->ptr + 1, con->physical.rel_path->used - 2);
} else {
    buffer_copy_string_buffer(srv->tmp_buf, con->physical.rel_path);
}

A similar problem may exist at line 1033 in the same file, but I haven't been able to cause a crash there.

-- scott
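
The guard from the description, as an added stand-alone example (not lighttpd's code and not part of the original report). `buf_t` and `copy_rel_path` are hypothetical names, and modelling an unset buffer as `ptr == NULL` with `used == 0` is an assumption:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the server's buffer type (assumption):
 * an unset buffer has ptr == NULL and used == 0; otherwise `used`
 * counts the string bytes plus the terminating NUL. */
typedef struct {
    const char *ptr;
    size_t      used;
} buf_t;

/* Hypothetical helper mirroring the patched branch: copy rel_path into
 * out, dropping one leading '/'. Returns the copied length, 0 for an
 * unset buffer. The `used` test runs before ptr[0] is read, so the
 * NULL dereference from the report cannot happen. */
static size_t copy_rel_path(const buf_t *rel_path, char *out, size_t outsz)
{
    const char *src;
    size_t len;

    if (outsz == 0) return 0;
    out[0] = '\0';
    if (rel_path == NULL || rel_path->used == 0 || rel_path->ptr == NULL)
        return 0;                        /* document not found: nothing set */

    if (rel_path->used >= 2 && rel_path->ptr[0] == '/') {
        src = rel_path->ptr + 1;
        len = rel_path->used - 2;        /* minus '/' and NUL, no underflow */
    } else {
        src = rel_path->ptr;
        len = rel_path->used - 1;        /* minus NUL */
    }
    if (len >= outsz) len = outsz - 1;   /* never overrun the destination */
    memcpy(out, src, len);
    out[len] = '\0';
    return len;
}

int main(void)
{
    char out[64];
    buf_t unset = { NULL, 0 };                                /* constructed */
    buf_t path  = { "/dl/file.bin", sizeof("/dl/file.bin") }; /* constructed */

    printf("%zu '%s'\n", copy_rel_path(&unset, out, sizeof out), out);
    printf("%zu '%s'\n", copy_rel_path(&path, out, sizeof out), out);
    return 0;
}
```

Because `used` is unsigned, the `used - 2` length in the original branch would also wrap to a huge value for a buffer shorter than two bytes, which is why the example checks the size before subtracting.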

Actions #1

Updated by jan almost 17 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

The patch is ok. In 1.4.4 this will be handled differently.

The patch is applied anyway in changeset r695.
