Project

General

Profile

Actions

Bug #3052

closed

segfault with mod_scgi on backend server with unix socket domain

Added by hamelg 7 months ago. Updated 7 months ago.

Status:
Fixed
Priority:
Normal
Category:
mod_scgi
Target version:
ASK QUESTIONS IN Forums:
No

Description

OK: 1.4.56
Broken: 1.4.57
Broken : 1.4.58

Example config:


server.modules += ( "mod_scgi" )
scgi.server = (
    "/RPC2" =>
        ((
             "socket" => "/tmp/a_socket",
              "check-local" => "disable",
         ))
)

GET /RPC2

lighttpd 1.4.58 crashes with this backtrace in these 2 conditions :
  • the file /tmp/a_socket doesn't exist
  • the socket file exists and no process listen on it


(gdb) bt
#0  0x0000557c889ca3dc in gw_proc_check_enable (host=host@entry=0x557c88ca1620, proc=proc@entry=0x557c88ca16d0, errh=errh@entry=0x557c88c49770) at gw_backend.c:315
#1  0x0000557c889ca9c8 in gw_proc_check_enable (errh=0x557c88c49770, proc=0x557c88ca16d0, host=0x557c88ca1620) at gw_backend.c:311
#2  gw_restart_dead_procs (host=0x557c88ca1620, errh=0x557c88c49770, debug=0, trigger=1) at gw_backend.c:1011
#3  0x0000557c889e65ea in gw_handle_trigger_host (debug=0, errh=<optimized out>, host=0x557c88ca1620) at gw_backend.c:2594
#4  gw_handle_trigger_exts (debug=<optimized out>, errh=<optimized out>, exts=<optimized out>) at gw_backend.c:2646
#5  gw_handle_trigger (srv=<optimized out>, p_d=0x557c88c98d60) at gw_backend.c:2697
#6  0x0000557c889e89ff in plugins_call_fn_srv_data_all (e=7, srv=srv@entry=0x557c88c49580) at plugin.c:311
#7  plugins_call_handle_trigger (srv=srv@entry=0x557c88c49580) at plugin.c:370
#8  0x0000557c889d1093 in server_handle_sigalrm (srv=0x557c88c49580, min_ts=1610138102, last_active_ts=1610138100) at server.c:1795
#9  0x0000557c889d06a5 in server_main_loop (srv=0x557c88c49580) at server.c:1887
#10 0x0000557c889be5e6 in main (argc=4, argv=0x7ffe3489f678) at server.c:1960
Actions #1

Updated by gstrauss 7 months ago

  • Target version changed from 1.4.x to 1.4.59

Thanks for letting us know. It appears that gw_host * const host member (host->host) is NULL and derefencing (host->host->ptr) results in the a crash. I'll trace back to find out why.

Actions #2

Updated by gstrauss 7 months ago

While lighttpd does not start the backend (via "bin-path"), then there is a chance that host->host might not be initialized.

--- a/src/gw_backend.c
+++ b/src/gw_backend.c
@@ -314,7 +314,8 @@ static void gw_proc_check_enable(gw_host * const host, gw_proc * const proc, log

     log_error(errh, __FILE__, __LINE__,
       "gw-server re-enabled: %s %s %hu %s",
-      proc->connection_name->ptr, host->host->ptr, host->port,
+      proc->connection_name->ptr,
+      host->host ? host->host->ptr : "", host->port,
       host->unixsocket && host->unixsocket->ptr ? host->unixsocket->ptr : "");
 }

There are some other places in gw_backend.c which I will fix, but those paths are only hit when debug is enabled.

Actions #3

Updated by gstrauss 7 months ago

  • Status changed from New to Patch Pending
Actions #4

Updated by gstrauss 7 months ago

  • Status changed from Patch Pending to Fixed
Actions

Also available in: Atom