Project

General

Profile

Bug #2970

mod_webdav writes to fd=-1 when uploading large files (1000M)

Added by Gundersanne about 1 month ago. Updated 10 days ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
mod_webdav
Target version:
Start date:
2019-08-09
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

version = lighttpd-1.4.54-1.fc30

command: curl --upload-file ./x localhost:8080/x (with x >500MB or so, but not large enough for a 413)

results in 403, forbidden

strace:


read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 262143) = 262143
write(6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 262143) = 262143
epoll_wait(4, [{EPOLLIN, {u32=4287600672, u64=94454913407008}}], 4097, 1000) = 1
ioctl(5, FIONREAD, [4096])              = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4095) = 4095
write(6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4095) = 4095
epoll_wait(4, [{EPOLLIN, {u32=4287600672, u64=94454913407008}}], 4097, 1000) = 1
ioctl(5, FIONREAD, [1])                 = 0
read(5, "\0", 4095)                     = 1
write(6, "\0", 1)                       = 1
getpid()                                = 66
openat(AT_FDCWD, "/cache/lighttpd-upload-sZhKGh", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC) = 7
mmap(NULL, 134479359, PROT_READ, MAP_SHARED, 7, 0) = 0x7f6033dde000
close(7)                                = 0
write(-1, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 134479359) = -1 EBADF (Bad file descriptor)
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
write(2, "2019-08-09 09:06:43: (response.c"..., 2262019-08-09 09:06:43: (response.c.113) Response-Header: \nHTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\nContent-Length: 341\r\nConnection: close\r\nDate: Fri, 09 Aug 2019 09:06:43 GMT\r\nServer: lighttpd/1.4.54\r\n\r\n 
) = 226
writev(5, [{iov_base="HTTP/1.1 403 Forbidden\r\nContent-"..., iov_len=153}, {iov_base="<?xml version=\"1.0\" encoding=\"is"..., iov_len=341}], 2) = 494

gdb:


Breakpoint 1, __GI___libc_write (fd=fd@entry=-1, buf=0x7fffef80f000, nbytes=134479359)
    at ../sysdeps/unix/sysv/linux/write.c:25
25    {
(gdb) bt
#0  __GI___libc_write (fd=fd@entry=-1, buf=0x7fffef80f000, nbytes=134479359) at ../sysdeps/unix/sysv/linux/write.c:25
#1  0x00007ffff7a296f7 in mod_webdav_write_cq_first_chunk (con=0x5555555d0020, cq=0x5555555d05e0, fd=-1)
    at mod_webdav.c:4056
#2  0x00007ffff7a299cd in mod_webdav_write_cq (con=con@entry=0x5555555d0020, cq=cq@entry=0x5555555d05e0, fd=-1)
    at mod_webdav.c:4121
#3  0x00007ffff7a2a66a in mod_webdav_write_single_file_chunk (cq=0x5555555d05e0, con=0x5555555d0020)
    at mod_webdav.c:4137
#4  mod_webdav_put (con=0x5555555d0020, pconf=0x55555561b600) at mod_webdav.c:4469
#5  0x00007ffff7a2b82b in mod_webdav_subrequest_handler (srv=<optimized out>, con=0x5555555d0020, p_d=<optimized out>)
    at mod_webdav.c:5502
#6  0x0000555555581243 in plugins_call_handle_subrequest ()
#7  0x000055555556ea1b in http_response_prepare ()
#8  0x0000555555570804 in connection_state_machine ()
#9  0x000055555556dd14 in ?? ()
#10 0x0000555555561d76 in main ()

Associated revisions

Revision 019efb0e (diff)
Added by gstrauss 11 days ago

[mod_webdav] fix file uploads > 128M (fixes #2970)

(thx Gundersanne)

x-ref:
"mod_webdav writes to fd=-1 when uploading large files (1000M)"
https://redmine.lighttpd.net/issues/2970

History

#1

Updated by gstrauss 11 days ago

  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.55

Thanks for reporting this. The problem occurs for any file upload larger then 128M. This fixes it:

--- a/src/mod_webdav.c
+++ b/src/mod_webdav.c
@@ -4274,6 +4274,9 @@ mod_webdav_put_prep (connection * const con, const plugin_config * const pconf)
     }
     buffer_clear(cq->last->mem); /* file already unlink()ed */
     chunkqueue_set_tempdirs(cq, cq->tempdirs, INTMAX_MAX);
+    /* force huge cq->upload_temp_file_size since chunkqueue_set_tempdirs()
+     * might truncate upload_temp_file_size to chunk.c:MAX_TEMPFILE_SIZE */
+    cq->upload_temp_file_size = INTMAX_MAX;
     cq->last->file.is_temp = 1;

     return HANDLER_GO_ON;
#2

Updated by gstrauss 10 days ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom