Actions
Bug #2970
closedmod_webdav writes to fd=-1 when uploading large files (1000M)
ASK QUESTIONS IN Forums:
Description
version = lighttpd-1.4.54-1.fc30
command: curl --upload-file ./x localhost:8080/x (with x >500MB or so, but not large enough for a 413)
results in 403, forbidden
strace:
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 262143) = 262143
write(6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 262143) = 262143
epoll_wait(4, [{EPOLLIN, {u32=4287600672, u64=94454913407008}}], 4097, 1000) = 1
ioctl(5, FIONREAD, [4096]) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4095) = 4095
write(6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4095) = 4095
epoll_wait(4, [{EPOLLIN, {u32=4287600672, u64=94454913407008}}], 4097, 1000) = 1
ioctl(5, FIONREAD, [1]) = 0
read(5, "\0", 4095) = 1
write(6, "\0", 1) = 1
getpid() = 66
openat(AT_FDCWD, "/cache/lighttpd-upload-sZhKGh", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC) = 7
mmap(NULL, 134479359, PROT_READ, MAP_SHARED, 7, 0) = 0x7f6033dde000
close(7) = 0
write(-1, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 134479359) = -1 EBADF (Bad file descriptor)
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
write(2, "2019-08-09 09:06:43: (response.c"..., 2262019-08-09 09:06:43: (response.c.113) Response-Header: \nHTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\nContent-Length: 341\r\nConnection: close\r\nDate: Fri, 09 Aug 2019 09:06:43 GMT\r\nServer: lighttpd/1.4.54\r\n\r\n
) = 226
writev(5, [{iov_base="HTTP/1.1 403 Forbidden\r\nContent-"..., iov_len=153}, {iov_base="<?xml version=\"1.0\" encoding=\"is"..., iov_len=341}], 2) = 494
gdb:
Breakpoint 1, __GI___libc_write (fd=fd@entry=-1, buf=0x7fffef80f000, nbytes=134479359)
at ../sysdeps/unix/sysv/linux/write.c:25
25 {
(gdb) bt
#0 __GI___libc_write (fd=fd@entry=-1, buf=0x7fffef80f000, nbytes=134479359) at ../sysdeps/unix/sysv/linux/write.c:25
#1 0x00007ffff7a296f7 in mod_webdav_write_cq_first_chunk (con=0x5555555d0020, cq=0x5555555d05e0, fd=-1)
at mod_webdav.c:4056
#2 0x00007ffff7a299cd in mod_webdav_write_cq (con=con@entry=0x5555555d0020, cq=cq@entry=0x5555555d05e0, fd=-1)
at mod_webdav.c:4121
#3 0x00007ffff7a2a66a in mod_webdav_write_single_file_chunk (cq=0x5555555d05e0, con=0x5555555d0020)
at mod_webdav.c:4137
#4 mod_webdav_put (con=0x5555555d0020, pconf=0x55555561b600) at mod_webdav.c:4469
#5 0x00007ffff7a2b82b in mod_webdav_subrequest_handler (srv=<optimized out>, con=0x5555555d0020, p_d=<optimized out>)
at mod_webdav.c:5502
#6 0x0000555555581243 in plugins_call_handle_subrequest ()
#7 0x000055555556ea1b in http_response_prepare ()
#8 0x0000555555570804 in connection_state_machine ()
#9 0x000055555556dd14 in ?? ()
#10 0x0000555555561d76 in main ()
Updated by gstrauss about 5 years ago
- Status changed from New to Patch Pending
- Target version changed from 1.4.x to 1.4.55
Thanks for reporting this. The problem occurs for any file upload larger then 128M. This fixes it:
--- a/src/mod_webdav.c
+++ b/src/mod_webdav.c
@@ -4274,6 +4274,9 @@ mod_webdav_put_prep (connection * const con, const plugin_config * const pconf)
}
buffer_clear(cq->last->mem); /* file already unlink()ed */
chunkqueue_set_tempdirs(cq, cq->tempdirs, INTMAX_MAX);
+ /* force huge cq->upload_temp_file_size since chunkqueue_set_tempdirs()
+ * might truncate upload_temp_file_size to chunk.c:MAX_TEMPFILE_SIZE */
+ cq->upload_temp_file_size = INTMAX_MAX;
cq->last->file.is_temp = 1;
return HANDLER_GO_ON;
Updated by gstrauss about 5 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset 019efb0ed8ebaee8d23301d921e2c79ff293bab2.
Actions
Also available in: Atom