Ticket #1217: 0001-Move-path-on-to-the-heap.patch

File 0001-Move-path-on-to-the-heap.patch, 2.4 KB (added by muks, 8 years ago)

Patch which may fix this issue. Please try it.

  • third-party/shttpd/shttpd.c

    From c88f5c10bd82d0b8f7f2622f30353edc988fa711 Mon Sep 17 00:00:00 2001
    From: Mukund Sivaraman <muks@banu.com>
    Date: Mon, 25 Aug 2008 05:58:16 +0530
    Subject: [PATCH] Move path on to the heap
    
    This should fix bug #1217 where a crash happens probably
    because OpenBSD's default thread stack size is 64KB and
    decide_what_to_do() allocates path[65536] as an auto
    variable.
    ---
     third-party/shttpd/shttpd.c |   15 +++++++++------
     1 files changed, 9 insertions(+), 6 deletions(-)
    
    diff --git a/third-party/shttpd/shttpd.c b/third-party/shttpd/shttpd.c
    index 13d99c8..03589b4 100644
    a b get_path_info(struct conn *c, char *path, struct stat *stp) 
    530530static void
    531531decide_what_to_do(struct conn *c)
    532532{
    533         char            path[URI_MAX], buf[1024], *root;
     533        char            *path, buf[1024], *root;
    534534        struct vec      alias_uri, alias_path;
    535535        struct stat     st;
    536536        int             rc;
    decide_what_to_do(struct conn *c) 
    543543
    544544        url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
    545545        remove_double_dots(c->uri);
    546        
     546
    547547        root = c->ctx->options[OPT_ROOT];
    548         if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
     548        if (strlen(c->uri) + strlen(root) >= URI_MAX) {
    549549                send_server_error(c, 400, "URI is too long");
    550550                return;
    551551        }
    552552
    553         (void) my_snprintf(path, sizeof(path), "%s%s", root, c->uri);
     553        path = malloc(URI_MAX);
     554        (void) my_snprintf(path, URI_MAX, "%s%s", root, c->uri);
    554555
    555556        /* User may use the aliases - check URI for mount point */
    556557        if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
    557                 (void) my_snprintf(path, sizeof(path), "%.*s%s",
     558                (void) my_snprintf(path, URI_MAX, "%.*s%s",
    558559                    alias_path.len, alias_path.ptr, c->uri + alias_uri.len);
    559560                DBG(("using alias %.*s -> %.*s", alias_uri.len, alias_uri.ptr,
    560561                    alias_path.len, alias_path.ptr));
    decide_what_to_do(struct conn *c) 
    611612                        "Moved Permanently\r\nLocation: %s/", c->uri);
    612613                send_server_error(c, 301, buf);
    613614        } else if (S_ISDIR(st.st_mode) &&
    614             find_index_file(c, path, sizeof(path) - 1, &st) == -1 &&
     615            find_index_file(c, path, URI_MAX - 1, &st) == -1 &&
    615616            !IS_TRUE(c->ctx, OPT_DIR_LIST)) {
    616617                send_server_error(c, 403, "Directory Listing Denied");
    617618        } else if (S_ISDIR(st.st_mode) && IS_TRUE(c->ctx, OPT_DIR_LIST)) {
    decide_what_to_do(struct conn *c) 
    648649        } else {
    649650                send_server_error(c, 500, "Internal Error");
    650651        }
     652
     653        free(path);
    651654}
    652655
    653656static int