Actions
Bug #2822
closedSegmentation fault on HTTP chunked input
ASK QUESTIONS IN Forums:
Description
Apss like WhatsApp are sending requests with \r\n after header:
POST /chat HTTP/1.1
Host: c.whatsapp.net
User-Agent: Mozilla/5.0 (compatible; WAChat/1.2; +http://www.whatsapp.com/contact)
Transfer-Encoding: chunked
if mod_fastcgi is enabled then we are getting Segmentation fault.
Bug affected versions >= 1.4.44
Updated by gstrauss about 7 years ago
- Target version changed from 1.4.x to 1.4.46
Thanks for the report. Are there any more details you can provide? Do you mean that the header looks like the following?
POST /chat HTTP/1.1\r\n Host: c.whatsapp.net\r\n User-Agent: Mozilla/5.0 (compatible; WAChat/1.2; +http://www.whatsapp.com/contact)\r\n Transfer-Encoding: chunked\r\n \r\n \r\n
Updated by gstrauss about 7 years ago
Ok. I can get this. An assert() is firing and I'll have to look why later tonight.
Program received signal SIGSEGV, Segmentation fault.
connection_handle_read_post_chunked (dst_cq=0x658600, cq=0x6585b0,
con=0x657f90, srv=0x646010) at connections-glue.c:128
128 force_assert(c->type == MEM_CHUNK);
Updated by gstrauss about 7 years ago
This appears to fix it. I'll review some other scenarios later and then will commit a fix.
--- a/src/connections-glue.c
+++ b/src/connections-glue.c
@@ -125,6 +125,7 @@ static handler_t connection_handle_read_post_chunked(server *srv, connection *co
while (0 == te_chunked) {
char *p;
chunk *c = cq->first;
+ if (NULL == c) break;
force_assert(c->type == MEM_CHUNK);
p = strchr(c->mem->ptr+c->offset, '\n');
if (NULL != p) { /* found HTTP chunked header line */
Updated by gstrauss about 7 years ago
- Subject changed from Segmentation fault. fast_cgi to Segmentation fault on HTTP chunked input
- Category changed from mod_fastcgi to core
- Status changed from New to Patch Pending
Updated by gstrauss about 7 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset a156fdbc7bb00f1ead9df41038062efd7b829105.
Actions
Also available in: Atom