Bug #2892
closed
Segmentation fault with invalid lighttpd.conf syntax
Description
This code (to handle Let's Encrypt inquiries on http and redirect everything else to https) crashes lighty with a segmentation fault:
$HTTP["host"] =~ "(domain.tld|www.domain.tld)" {
    alias.url += ("/.well-known/acme-challenge/" => "/var/www/letsencrypt/.well-known/acme-challenge/")
    $HTTP["url"] !~ "^/\.well-known/acme-challenge/" {
        url.redirect-code = 301
        url.redirect = (".*" => "https://%0$0")
    }
}
It seems to be the combination of "$HTTP["url"] !~ " and the "%X" placeholder (%0 or %1 I've tested).
Because this works:
$HTTP["host"] =~ "(domain.tld|www.domain.tld)" {
    alias.url += ("/.well-known/acme-challenge/" => "/var/www/letsencrypt/.well-known/acme-challenge/")
    $HTTP["url"] !~ "^/\.well-known/acme-challenge/" {
        url.redirect-code = 301
        url.redirect = (".*" => "https://domain.tld/$0")
    }
}
And also this works:
$HTTP["host"] =~ "(domain.tld|www.domain.tld)" {
    alias.url += ("/.well-known/acme-challenge/" => "/var/www/letsencrypt/.well-known/acme-challenge/")
    url.redirect-code = 301
    url.redirect = (".*" => "https://%0$0")
}
lighttpd -v
lighttpd/1.4.49 (ssl) - a light and fast webserver
Updated by nti over 6 years ago
My modules:
server.modules = ( "mod_redirect", "mod_rewrite", "mod_alias", "mod_access", "mod_auth", "mod_status", "mod_setenv", "mod_fastcgi", "mod_simple_vhost", "mod_cgi", "mod_compress", "mod_openssl", "mod_secdownload", "mod_flv_streaming", "mod_rrdtool", "mod_accesslog" )
Updated by gstrauss over 6 years ago
- Status changed from New to Patch Pending
- Target version changed from 1.4.x to 1.4.50
The syntax on which it crashes is not valid. %0 is for the condition immediately wrapping the url.redirect, and a regex '!~' does not capture. Still, it should not crash.
The bug is in keyvalue.c line 296 in a cast for comparison of signed and unsigned values, since cache->patterncount can be -1
- if (num < (size_t)cache->patterncount) { + if ((int)num < cache->patterncount) {
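Review bot: on the added line, (int)num narrows the index to int, so the check is only correct while num fits in an int. Consider testing cache->patterncount > 0 first and keeping the comparison unsigned, which handles the -1 case explicitly without narrowing. A short comment next to the check stating that patterncount can be -1 would also document why the old (size_t) cast was wrong.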
Updated by nti over 6 years ago
Thanks a lot. But %1 also crashes:
$HTTP["host"] =~ "(domain.tld |www.domain.tld)" {
    alias.url += ("/.well-known/acme-challenge/" => "/var/www/letsencrypt/.well-known/acme-challenge/")
    $HTTP["url"] !~ "^/\.well-known/acme-challenge/" {
        url.redirect-code = 301
        url.redirect = ( "^/(.*)" => "https://%1:443/$1" )
    }
}
Updated by gstrauss over 6 years ago
- Subject changed from Segmentation fault to Segmentation fault with invalid lighttpd.conf syntax
It is also invalid syntax with regex '!~', it crashes for the same reason, and it is fixed by the same patch.
Your syntax is INVALID. Please see the documentation. Docs_ModRedirect
I think this syntax, which works in lighttpd 1.4.40 and later, will do what you're trying to do:
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ "(domain.tld|www.domain.tld)" {
        url.redirect-code = 301
        url.redirect = (
            "^/\.well-known/acme-challenge/" => "", # instead of (nonsensical) redirect loop, this matched url will not be modified
            "^(.*)" => "https://%0$0"
        )
        alias.url += ("/.well-known/acme-challenge/" => "/var/www/letsencrypt/.well-known/acme-challenge/")
    }
}
else $HTTP["scheme"] == "https" {
    $HTTP["host"] =~ "(domain.tld|www.domain.tld)" {
        alias.url += ("/.well-known/acme-challenge/" => "/var/www/letsencrypt/.well-known/acme-challenge/")
    }
}
The upcoming lighttpd 1.4.50 aims to add some syntactic sugar to make some of this even simpler.
Updated by gstrauss over 6 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset f4f13745c8e55490722ee8637b43e4f5bb809143.
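The signed/unsigned comparison identified in keyvalue.c in this ticket, reduced to a stand-alone C program. This is an added example, not lighttpd source: the struct, the function names and the sample counts are hypothetical, and only the two comparison expressions are taken from the patch quoted above.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the regex match cache; only the field named
 * in the ticket is modelled. The ticket states patterncount can be -1,
 * which is what a non-capturing '!~' condition leaves behind. */
struct match_cache {
    int patterncount;
};

/* Pre-patch check: the signed count is cast to size_t, so -1 becomes
 * SIZE_MAX and every index is accepted. */
static int in_range_before(const struct match_cache *cache, size_t num) {
    return num < (size_t)cache->patterncount;
}

/* Patched check: the comparison is done in int, so a count of -1 (or 0)
 * rejects every index. */
static int in_range_after(const struct match_cache *cache, size_t num) {
    return (int)num < cache->patterncount;
}

/* Stricter variant (an assumption, not the project's fix): reject
 * non-positive counts first, then compare without narrowing num, so an
 * index above INT_MAX cannot be converted into a negative int. */
static int in_range_strict(const struct match_cache *cache, size_t num) {
    return cache->patterncount > 0 && num < (size_t)cache->patterncount;
}

int main(void) {
    const struct match_cache none = { -1 };  /* constructed: no captures */
    const struct match_cache two  = {  2 };  /* constructed: %0 and %1   */
    size_t num;

    for (num = 0; num < 3; num++) {
        printf("%%%zu  count=-1: before=%d after=%d strict=%d | "
               "count=2: before=%d after=%d strict=%d\n", num,
               in_range_before(&none, num), in_range_after(&none, num),
               in_range_strict(&none, num),
               in_range_before(&two, num), in_range_after(&two, num),
               in_range_strict(&two, num));
    }
    printf("index INT_MAX+1, count=2: strict=%d\n",
           in_range_strict(&two, (size_t)INT_MAX + 1));
    return 0;
}
```

With a count of -1 the pre-patch check accepts %0, %1 and %2, which is the out-of-range access behind the crash; both the patched and the strict form reject them.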