Posted to dev@httpd.apache.org by Allan Edwards <ak...@meepzor.com> on 2000/12/21 01:05:33 UTC
early close crash (2.0b1)
This problem was hit on NT but it looks like it will be
a problem on other platforms too. If the connection is
closed before a complete request is received the server
will crash in ap_http_filter due to an empty brigade.

I believe this patch will fix the problem but still being
on the learning curve for input filtering I'd appreciate
other eyes making sure nothing was missed.

Allan

Index: http_protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.258
diff -u -d -b -r1.258 http_protocol.c
--- http_protocol.c 2000/12/20 23:13:01 1.258
+++ http_protocol.c 2000/12/20 23:49:13
@@ -969,6 +969,10 @@
const char *str;
apr_size_t length;
+ if (AP_BRIGADE_EMPTY(ctx->b)) {
+ return APR_EOF;
+ }
+
e = AP_BRIGADE_FIRST(ctx->b);
while (e->length == 0) {
AP_BUCKET_REMOVE(e);
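
Review bot: The AP_BRIGADE_EMPTY(ctx->b) test runs only once, ahead of the `while (e->length == 0)` loop in the trailing context, and that loop calls AP_BUCKET_REMOVE(e) on zero-length buckets. If a brigade arrives holding only zero-length buckets, removing them could leave it empty after the new check has already passed. The rest of the loop body is not visible in this hunk, so please confirm that it re-tests for an empty brigade before e is dereferenced again, or move the test inside the loop. A short comment above the new check stating that an empty brigade here means the connection was closed before a complete request arrived would also help, since the APR_EOF return is otherwise unexplained.
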
Re: early close crash (2.0b1)
Posted by rb...@covalent.net.
Good catch. Please apply before the beta.
Ryan
On Wed, 20 Dec 2000, Allan Edwards wrote:
> This problem was hit on NT but it looks like it will be
> a problem on other platforms too. If the connection is
> closed before a complete request is received the server
> will crash in ap_http_filter due to an empty brigade.
>
> I believe this patch will fix the problem but still being
> on the learning curve for input filtering I'd appreciate
> other eyes making sure nothing was missed.
>
> Allan
>
> Index: http_protocol.c
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
> retrieving revision 1.258
> diff -u -d -b -r1.258 http_protocol.c
> --- http_protocol.c 2000/12/20 23:13:01 1.258
> +++ http_protocol.c 2000/12/20 23:49:13
> @@ -969,6 +969,10 @@
> const char *str;
> apr_size_t length;
>
> + if (AP_BRIGADE_EMPTY(ctx->b)) {
> + return APR_EOF;
> + }
> +
> e = AP_BRIGADE_FIRST(ctx->b);
> while (e->length == 0) {
> AP_BUCKET_REMOVE(e);
>
>
_______________________________________________________________________________
Ryan Bloom rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------