Posted to dev@httpd.apache.org by Allan Edwards <ak...@meepzor.com> on 2000/12/21 01:05:33 UTC

early close crash (2.0b1)

This problem was hit on NT but it looks like it will be 
a problem on other platforms too. If the connection is 
closed before a complete request is received the server
will crash in ap_http_filter due to an empty brigade.

I believe this patch will fix the problem but still being 
on the learning curve for input filtering I'd appreciate
other eyes making sure nothing was missed.

Allan

Index: http_protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.258
diff -u -d -b -r1.258 http_protocol.c
--- http_protocol.c	2000/12/20 23:13:01	1.258
+++ http_protocol.c	2000/12/20 23:49:13
@@ -969,6 +969,10 @@
         const char *str;
         apr_size_t length;
 
+        if (AP_BRIGADE_EMPTY(ctx->b)) {
+            return APR_EOF;
+            }
+
         e = AP_BRIGADE_FIRST(ctx->b);
         while (e->length == 0) {
             AP_BUCKET_REMOVE(e);
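
Review bot: The new AP_BRIGADE_EMPTY(ctx->b) test only covers a brigade that is already empty on entry, while the while (e->length == 0) loop directly below it calls AP_BUCKET_REMOVE(e), so a brigade holding nothing but zero-length buckets can become empty after the test has passed. Unless the rest of that loop, which this hunk does not show, already handles it, repeat the empty test after each removal and return APR_EOF there as well.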

Re: early close crash (2.0b1)

Posted by rb...@covalent.net.
Good catch.  Please apply before the beta.

Ryan

On Wed, 20 Dec 2000, Allan Edwards wrote:

> This problem was hit on NT but it looks like it will be 
> a problem on other platforms too. If the connection is 
> closed before a complete request is received the server
> will crash in ap_http_filter due to an empty brigade.
> 
> I believe this patch will fix the problem but still being 
> on the learning curve for input filtering I'd appreciate
> other eyes making sure nothing was missed.
> 
> Allan
> 
> Index: http_protocol.c
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
> retrieving revision 1.258
> diff -u -d -b -r1.258 http_protocol.c
> --- http_protocol.c	2000/12/20 23:13:01	1.258
> +++ http_protocol.c	2000/12/20 23:49:13
> @@ -969,6 +969,10 @@
>          const char *str;
>          apr_size_t length;
>  
> +        if (AP_BRIGADE_EMPTY(ctx->b)) {
> +            return APR_EOF;
> +            }
> +
>          e = AP_BRIGADE_FIRST(ctx->b);
>          while (e->length == 0) {
>              AP_BUCKET_REMOVE(e);
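
Review bot: The closing brace of the added if block is indented to the level of the return statement rather than lining up with the if; move it back four columns. A one-line comment above the test, saying that an empty brigade at this point means the connection closed before a complete request arrived, would also document why APR_EOF is returned here.
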
> 
> 


_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------
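
The failure mode discussed in this thread, as an added example that is not part of the original posts or of the httpd source: a simplified model in which a brigade is a circular list with a sentinel head, showing a reader that returns end-of-file both when the brigade is empty on entry and when it becomes empty after zero-length buckets are dropped. All type, function and status names here are hypothetical stand-ins, and the sentinel-ring layout is an assumption of the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not httpd source: a brigade is a circular list
 * whose head is a sentinel, not a real bucket. */
typedef struct bucket { struct bucket *next, *prev; size_t length; } bucket;
typedef struct { bucket head; } brigade;   /* head is the sentinel */
enum { READ_OK = 0, READ_EOF = 1 };        /* hypothetical status codes */

static void brigade_init(brigade *b) {
    b->head.next = b->head.prev = &b->head;
    b->head.length = 0;
}
static int brigade_empty(const brigade *b) { return b->head.next == &b->head; }
static void brigade_append(brigade *b, bucket *e, size_t len) {
    e->length = len;
    e->next = &b->head;
    e->prev = b->head.prev;
    b->head.prev->next = e;
    b->head.prev = e;
}
static void bucket_remove(bucket *e) {
    e->prev->next = e->next;
    e->next->prev = e->prev;
}

/* Find the first bucket that carries data. The empty test runs on entry and
 * again after every removal, so the sentinel is never treated as a bucket. */
static int first_data_bucket(brigade *b, bucket **out) {
    *out = NULL;
    while (!brigade_empty(b)) {
        bucket *e = b->head.next;
        if (e->length != 0) { *out = e; return READ_OK; }
        bucket_remove(e);                  /* drop a zero-length bucket */
    }
    return READ_EOF;                       /* peer closed, nothing to parse */
}

/* Constructed input: n_empty zero-length buckets, then optional data. */
static int run_case(int n_empty, size_t data_len) {
    brigade b; bucket z[4], d; bucket *out; int i;
    brigade_init(&b);
    for (i = 0; i < n_empty && i < 4; i++) brigade_append(&b, &z[i], 0);
    if (data_len) brigade_append(&b, &d, data_len);
    return first_data_bucket(&b, &out);
}

int main(void) {
    printf("%d %d %d\n", run_case(0, 0), run_case(3, 0), run_case(2, 5));
    return 0;
}
```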