Project

General

Profile

Bug #1873

a core-bug caused by incomplete https request

Added by liming almost 11 years ago. Updated almost 10 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2009-01-15
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

when I send a https request like this:
"GET /?query=hi HTTP/1.1\r\n"
(It's a incomplete request, since it doesn't include "\r\n\r\n"),
lighttpd is down, and generates a core-dump file.

I used gdb to examinate the core file, and find a bug in file http_req.c:

281    for (c = cq->first; c; c = c->next) {
282        if (c == cq->first) {
283            buffer_append_string_len(hdr, c->mem->ptr + t.c->offset, c->mem->used - 1 - t.c->offset);
284        } else {
285            buffer_append_string_buffer(hdr, c->mem);
286        }
287    }

When lighttpd is down, in line 283, "t.c" is null, so (null)->offset is illegal, of course.

I don't know why "t.c->offset" is here, but not "c->offset". I think "c->offset" is the right word here instead of "t.c->offset"


Related issues

Is duplicate of Bug #2003: ssl remote crashFixed2009-06-10

Actions

History

#1

Updated by liming almost 10 years ago

  • % Done changed from 0 to 100

It's fixed

#2

Updated by icy almost 10 years ago

  • Status changed from New to Fixed
  • Missing in 1.5.x set to No

Thanks for the updated feedback

Also available in: Atom