Bug #476
closed
HTTP/1.0 Request Crash lighttpd when using mod_proxy
Description
This is on a FreeBSD 4.11 system running the lighttpd port, version 1.4.8_1 and using the freebsd-kqueue handler.
When mod_proxy is loaded and you try to do an HTTP/1.0 GET request, the server segfaults. Here's the output of my debugging:
    (gdb) run -D -f /usr/home/mike/lighttpd.conf2
    Starting program: /usr/local/sbin/lighttpd -D -f /usr/home/mike/lighttpd.conf2
    Program received signal SIGSEGV, Segmentation fault.
    0x28256ff7 in proxy_create_env (srv=0x806b000, hctx=0x80e92c0) at mod_proxy.c:442
    442 mod_proxy.c: No such file or directory.
    (gdb) bt
    #0 0x28256ff7 in proxy_create_env (srv=0x806b000, hctx=0x80e92c0) at mod_proxy.c:442
    #1 0x28257a6a in proxy_write_request (srv=0x806b000, hctx=0x80e92c0) at mod_proxy.c:807
    #2 0x28257d4c in mod_proxy_handle_subrequest (srv=0x806b000, con=0x8078200, p_d=0x806a380) at mod_proxy.c:905
    #3 0x805b362 in plugins_call_handle_subrequest (srv=0x806b000, con=0x8078200) at plugin.c:248
    #4 0x804f7a1 in http_response_prepare (srv=0x806b000, con=0x8078200) at response.c:563
    #5 0x805163a in connection_state_machine (srv=0x806b000, con=0x8078200) at connections.c:1352
    #6 0x804e5cf in main (argc=4, argv=0xbfbffa08) at server.c:1132
    (gdb) c
    Continuing.
    Program terminated with signal SIGSEGV, Segmentation fault.
    The program no longer exists.
Here's the request that killed the beast:
    GET / HTTP/1.0
    Connection closed by foreign host.
-- mike.lighttpd
Updated by conny about 19 years ago
As far as I can tell, this seems to be fixed in version 1.4.9.
Updated by conny about 19 years ago
I was eventually able to reproduce the bug in 1.4.9 after a while: the situation seems to arise during the following conditions:
- "/foo" represents a proxied URL
- "/foo" causes the backend server to return a 30x redirect (common example: "/foo" -> "/foo/")
- Any valid HTTP/1.1 request works as expected
- "GET /foo/ HTTP/1.0" works as expected
- "GET /foo HTTP/1.0" causes lighttpd to crash
- "GET /foo HTTP/1.0" plus "Host: whatever" works!
Updated by conny about 19 years ago
Sorry for the noise. I am not able to reproduce it in any reliable way under 1.4.9. So I'll assume it's fixed, unless otherwise proven :-)
Updated by conny about 19 years ago
Perhaps this was something to do with the X-Host which seems to be fixed now.
Mike: can you still reproduce the crash with 1.4.10?
Updated by jakabosky about 18 years ago
- Status changed from New to Fixed
- Resolution set to fixed
fixed in r901 1.4.x branch and included in releases since at least 1.4.11