Lighttpd crashes on wrong return type in lua script
If a lua script is attached with magnet.attract-raw-url-to, this script is expected to either return nothing or a numeric value, which is interpreted as http status code later.
If a boolean is returned, lighttpd crashes with a segfault. This is a lua programming error, but lighttpd should not crash.
Related log message in error log is:
(mod_magnet.c.420) (lua-atpanic) bad argument #-1 (number expected, got boolean)
gdb backtrace ist very short:
Program received signal SIGSEGV, Segmentation fault.
_longjmp_chk () at ../sysdeps/unix/sysv/linux/x86_64/_longjmp_chk.S:167
167 ../sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S: Datei oder Verzeichnis nicht gefunden.
#0 _longjmp_chk () at ../sysdeps/unix/sysv/linux/x86_64/_longjmp_chk.S:167
#1 0x65479cc994dcfd30 in ?? ()
Backtrace stopped: Cannot access memory at address 0x65479cc994dcfd30
Steps to reproduce:
- lighttpd.conf with mod_magnet and a lua script attached with magnet.attract-raw-url-to
- lua script with only one line:
- request to the url with attached lua script
Based on your description, please have a look at mod_magnet.c line 968:
lua_return_value = (int) luaL_optinteger(L, -1, -1);
That code expects an int and is possibly what is resulting in the lua panic, but I don't have time at this moment to test that theory. The code should probably verify the existence and type of argument at that position on the stack before calling luaL_optinteger().
- File lighttpd-mod_magnet-fix_wrong_return-type.diff lighttpd-mod_magnet-fix_wrong_return-type.diff added
This patch fixes the problem for me:
- behaviour with numeric and nil types is unchanged
- all other types are handled like nil type (return -1), but a log messages is written and the crash is avoided
From my current understanding and usage of lua scripts with mod_magnet there two use cases:
1.) generating content with lua, redirect the request or request authentication
In these cases the lua script must return a valid http status code and maybe additional header and/or content
Returning a number means: the request ends here
2.) the lua script just modifies/verifies the request and has nothing to change.
Take a look at the traffic quota example in the AbsoLUAtion page of this wiki.
If the request is not blocked, the script just ends returning nothing, which is nil in Lua.
It does not make a difference, whether nil is returned explicit or the script just ends (I just verified both cases).
Another use case: the lua script checks for authentication:
- either the request is missing the the needed data (e.e. header), than we have case 1.), a redirect to a login url or a status 401
- or the request is verified and can proceed
Returning nothing/nil in a lua script just means: continue with the request
If returning nil is considred an error, this would break a lot of existing scripts.
The example "Do basic HTTP-Auth against a MySQL DB/Table" in the AbsoLUAtion page ends with the follwing two lines
-- return nothing to proceed normal operation
The documentation matches your patch. Thanks!
Also available in: Atom