Avoid a NULL dereference when handling a malformed fastcgi request.
author millert <millert@openbsd.org>
Wed, 8 Nov 2023 19:19:10 +0000 (19:19 +0000)
committer millert <millert@openbsd.org>
Wed, 8 Nov 2023 19:19:10 +0000 (19:19 +0000)
commit 76ed904538b7966e735c4736a6e2cf7222ad67cf
tree f7e619aa0c63424f816224cc0956861e283b975f
parent 4a452264ff90c002da64d5a5352b71a3dc07a521
Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.
usr.sbin/httpd/httpd.h
usr.sbin/httpd/server.c
usr.sbin/httpd/server_fcgi.c
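
The reference-count approach the commit message describes, sketched as an added example; this is not the httpd code from this commit. All names here (`struct session`, `inflight`, `close_pending`, `session_dispatch`, `backend_handle`) are hypothetical, and the `freed` hook exists only so the release can be observed.

```c
#include <stdlib.h>

/* Hypothetical session object; names are illustrative, not httpd's own. */
struct session {
	int	 inflight;	/* handlers currently running on this session */
	int	 close_pending;	/* close was requested while in use */
	int	*freed;		/* constructed test hook: set to 1 on release */
	char	 state[2];	/* touched by the caller after the handler */
};

/* Release now only if no handler still holds the session; else defer. */
static void session_close(struct session *s)
{
	if (s->inflight > 0) {
		s->close_pending = 1;
		return;
	}
	*s->freed = 1;
	free(s);
}

/* Backend handler: a malformed (empty) request makes it ask for a close. */
static int backend_handle(struct session *s, const char *req)
{
	if (req == NULL || req[0] == '\0') {
		session_close(s);	/* deferred, the caller still uses s */
		return -1;
	}
	s->state[0] = req[0];
	return 0;
}

/* Caller holds a reference across the handler; returns 1 if s was released. */
static int session_dispatch(struct session *s, const char *req)
{
	int rv;

	s->inflight++;
	rv = backend_handle(s, req);
	s->state[1] = (rv == 0) ? 'k' : 'e';	/* safe: s is still allocated */
	if (--s->inflight == 0 && s->close_pending) {
		session_close(s);
		return 1;
	}
	return 0;
}
```

Without the `inflight` check, the write to `s->state[1]` after a failed handler would touch freed memory; with it, the release happens only once the outermost caller is done.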