Actions
Bug #1476
closed1.5 r-1992 overflow when parsing "remoteip conditions"
ASK QUESTIONS IN Forums:
Description
I have found a bug type like overflow that is crashing the lighttpd.
#$HTTP["remoteip"] !~ "65.52.0.0/14|66.249.64.0/19|74.125.0.0/16|216.239.32.0/19|64.233.160.0/19|
# 72.14.192.0/18|66.102.0.0/20|66.94.224.0/19|202.160.176.0/20|
# 209.131.32.0/19|209.191.64.0/18|209.73.160.0/19|216.109.112.0/20|216.155.192.0/20|
# 66.196.64.0/18|66.94.224.0/19|68.142.192.0/18|72.30.0.0/16|74.6.0.0/16" {
# access.deny-all = "enable"
#}
The lighty will startup fine but the first TCP connection to the listening port (80) is crashing the lighttpd binary leaving my spawn-fcgi process alones
I'm actually using a workaround wich looks like
$HTTP["remoteip"] != "***.***.0.0/12" {
$HTTP["remoteip"] != "65.52.0.0/14" {
$HTTP["remoteip"] != "66.249.64.0/19" {
$HTTP["remoteip"] != "66.249.64.0/19" {
$HTTP["remoteip"] != "74.125.0.0/16" {
$HTTP["remoteip"] != "74.125.0.0/16" {
$HTTP["remoteip"] != "74.125.0.0/16" {
$HTTP["remoteip"] != "216.239.32.0/19" {
$HTTP["remoteip"] != "64.233.160.0/19" {
$HTTP["remoteip"] != "72.14.192.0/18" {
$HTTP["remoteip"] != "66.102.0.0/20" {
$HTTP["remoteip"] != "66.94.224.0/19" {
$HTTP["remoteip"] != "202.160.176.0/20" {
$HTTP["remoteip"] != "209.131.32.0/19" {
$HTTP["remoteip"] != "209.191.64.0/18" {
$HTTP["remoteip"] != "209.73.160.0/19" {
$HTTP["remoteip"] != "216.109.112.0/20" {
$HTTP["remoteip"] != "216.155.192.0/20" {
$HTTP["remoteip"] != "66.196.64.0/18" {
$HTTP["remoteip"] != "68.142.192.0/18" {
$HTTP["remoteip"] != "72.30.0.0/16" {
$HTTP["remoteip"] != "74.6.0.0/16" {
access.deny-all = "enable"
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
A bit ugly :)
Updated by gstrauss over 8 years ago
- Description updated (diff)
- Assignee deleted (
jan) - Missing in 1.5.x set to Yes
FYI: you probably want to escape the dots ('.') in the regex with "\."
If this is an issue with lighttpd 1.4.x, please file a new issue. Thanks.
Actions
Also available in: Atom