Project

General

Profile

Actions
Copy link

Bug #120

closed

segfault when using mod_secdownload if document not found (with quick fix)

Added by Anonymous almost 20 years ago. Updated almost 18 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_secdownload
Target version:
-
ASK QUESTIONS IN Forums:

Description

Requesting a document through the mod_secdownload mechanism causes a segfault if that document doesn't exist but the URL is otherwise fine according to mod_secdownload.

This might not be limited to mod_secdownload since the segfault happens in response.c.

If the file is not found, rel_path is not set, but http_response_prepare looks at rel_path->ptrr0 without checking for an empty buffer.

A quick fix is to add a check to http_response_prepare in response.c around line 1092:

/* not found, perhaps PATHINFO */

if (con->physical.rel_path->used && /* <<< ADD THIS CHECK <<< */
    con->physical.rel_path->ptr[0] == '/') {
    buffer_copy_string_len(srv->tmp_buf, con->physical.rel_path->ptr + 1, con->physical.rel_path->used - 2);
} else {
    buffer_copy_string_buffer(srv->tmp_buf, con->physical.rel_path);
}

A similar problem may exist at line 1033 in the same file, but I haven't been able to cause a crash there.

-- scott

Added by jan over 19 years ago

Revision 57ed2501 (diff)

don't assume the relpath is really set (merge from #120)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@695 152afb58-edef-0310-8abb-c4023f1b3aa9

Added by Rosen Penev over 2 years ago

Revision 423b432f (diff)

[meson] fix wrong array

Fixes meson error:

Unknown method "found" in object <[ArrayHolder] holds [list]:
[<ExternalLibrary fam: False>]> of type ArrayHolder.

Signed-off-by: Rosen Penev <>

github: #120

Added by Rosen Penev over 2 years ago

Revision b3d9145e (diff)

[meson] replace most has_function calls with loop

Shorter and less error prone. Removed the get() calls as has_function
will fail if the header is missing anyway.

Fixed clock_gettime header check. Needs _GNU_SOURCE to detect.

Co-authored-by: Glenn Strauss <>
Signed-off-by: Rosen Penev <>

github: closes #120

Added by Rosen Penev over 2 years ago

Revision 6b3c50fe (diff)

[meson] use non string true/false

muon (a meson reimplementation) errors as it does not support having a
string for a boolean type.

Signed-off-by: Rosen Penev <>

github: #120

Added by Rosen Penev over 2 years ago

Revision d0f555ac (diff)

[meson] use files()

Allows muon's fmt to sort files alphabetically.

Signed-off-by: Rosen Penev <>

github: #120

Actions
Copy link

Also available in: Atom