Wed, 31 May 2023 19:39:10 +0200
fix cgi response could send an uninitialized buffer
--- a/src/server/safs/cgi.c Wed May 31 13:08:49 2023 +0200
+++ b/src/server/safs/cgi.c Wed May 31 19:39:10 2023 +0200
@@ -240,9 +240,7 @@
 // copy remaining bytes to the write buffer
 // we assume there are no remaining bytes in writebuf
 size_t remaining = size-pos;
- if(remaining <= handler->writebuf_alloc) {
- memcpy(handler->writebuf, buf+pos, remaining);
- } else {
+ if(remaining > handler->writebuf_alloc) {
 handler->writebuf_alloc = size > 4096 ? size : 4096;
 handler->writebuf = pool_realloc(sn->pool, handler->writebuf, handler->writebuf_alloc);
 if(!handler->writebuf) {
@@ -250,6 +248,7 @@
 return 1;
 }
 }
+ memcpy(handler->writebuf, buf+pos, remaining);
 handler->writebuf_size = remaining;
 handler->writebuf_pos = 0;
@@ -261,9 +260,9 @@
 }
 handler->poll_out = TRUE;
 }
- return 1;
+ } else {
+ handler->result = REQ_ABORTED;
 }
- handler->result = REQ_ABORTED;
 return 1;
 }
@@ -293,6 +292,7 @@
 // try to flush handler->writebuf
 // if writebuf is empty, this does nothing and returns 0
 if(cgi_try_write_flush(handler, sn)) {
+ log_ereport(LOG_DEBUG, "cgi-send: req: %p write failed: abort", rq);
 return handler->result == REQ_ABORTED ? 0 : 1;
 }
@@ -461,6 +461,7 @@
 Session *sn = parser->sn;
 Request *rq = parser->rq;
+ log_ereport(LOG_DEBUG, "cgi-send: req: %p event-finish", rq);
 if(handler->result == REQ_ABORTED) {
 log_ereport(LOG_FAILURE, "cgi-send: kill script: %s", handler->path);
 kill(handler->process.pid, SIGKILL);
@@ -507,6 +508,7 @@
 net_setnonblock(sn->csd, 0);
 // return to nsapi loop
+ log_ereport(LOG_DEBUG, "cgi-send: req: %p event-finish nsapi return", rq);
 nsapi_function_return(sn, rq, handler->result);
 return 0;
 }
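Review bot: In the grow branch of the first hunk, `handler->writebuf_alloc` is raised and `handler->writebuf` is overwritten with the `pool_realloc` result before the NULL check, so a failed allocation leaves the handler with a non-zero capacity and a NULL buffer. With the `memcpy` now unconditional (second hunk), any later call on the same handler with `remaining <= handler->writebuf_alloc` would copy into NULL; whether such a call can follow the abort path is not visible here. Consider reallocating into a temporary, e.g. `void *nb = pool_realloc(sn->pool, handler->writebuf, new_alloc);`, and storing the pointer and the new capacity only after the `if(!nb)` check passes. The enclosing function starts and ends outside these hunks.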
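Review bot: The debug message added in the `@@ -293,6 +292,7 @@` hunk says "write failed: abort", but the next line returns 1 when `handler->result` is not `REQ_ABORTED`, so a non-zero return from `cgi_try_write_flush` is not always an abort (presumably the data is only pending). Anyone reading the log during an investigation would see aborts that did not happen. Either guard the call with `if(handler->result == REQ_ABORTED)` or word it neutrally, for example `"cgi-send: req: %p write pending or failed"`. This call and the two `log_ereport` calls added in the later hunks pass `rq` to `%p` without a `(void *)` cast, which a printf-style variadic function requires for strict conformance. They also write a heap address to the log, where a request identifier, if the server has one, would correlate entries without disclosing memory layout.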