libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4
parent 4899ea8e77e76368bcd2c22b51f28b6877f6b529
Author: Christian Grothoff <christian@grothoff.org>
Date:   Fri, 11 Mar 2011 21:30:24 +0000

libmicrohttpd] bug in MHD_create_response_from_fd_at_offset()
From: 
Eivind Sarto <ivan@espial.com>
  To: 
"libmicrohttpd@gnu.org" <libmicrohttpd@gnu.org>
  Date: 
Today 09:32:21 pm
   
  Spam Status: Spamassassin 0% probability of being spam.

Full report:
Probability=No, score=-2.6 required=7.0 tests=BAYES_00 autolearn=ham version=3.2.5-tuminfo_1  
There appears to be a bug in  MHD_create_response_from_fd_at_offset().
Calling this function with anything other than a zero offset will cause wrong data
or no data (sendfile fails if length < 0).

If you use this call with any application that uses ranges, this bug will trigger.

In src/daemon/daemon.c: send_param_adapter()
      .....
      /* can use sendfile */
      offset = (off_t) connection->response_write_position + connection->response->fd_off;
#ifdef BUGFIX
      /* correct */
      left = connection->response->total_size -  connection->response_write_position;
#else
      left = connection->response->total_size - offset;
#endif
      if (left > SSIZE_MAX)
        left = SSIZE_MAX; /* cap at return value limit */
      ret = sendfile (connection->socket_fd,
                      fd,
                      &offset,
                      left);


-eivind


Diffstat:

MAUTHORS | 1+


MChangeLog | 3+++


Msrc/daemon/daemon.c | 2+-


3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
@@ -29,6 +29,7 @@ Piotr Grzybowski <narsil.pl@gmail.com>
 Gerrit Telkamp <g.telkamp@domologic.de>
 Erik Slagter <erik@slagter.name>
 Andreas Wehrmann <a.wehrmann@centersystems.com>
+Eivind Sarto <ivan@espial.com>
 
 Documentation contributions also came from:
 Marco Maggi <marco.maggi-ipsu@poste.it>
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+Fri Mar 11 22:25:29 CET 2011
+	Fixing bug in MHD_create_response_from_fd_at_offset with non-zero offsets. -ES
+
 Sat Mar  5 22:00:36 CET 2011
 	Do not use POLLRDHUP, which causes build errors on OS X / OpenSolaris
 	(#1667). -CG
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
@@ -746,7 +746,7 @@ send_param_adapter (struct MHD_Connection *connection,
     {
       /* can use sendfile */
       offset = (off_t) connection->response_write_position + connection->response->fd_off;
-      left = connection->response->total_size - offset;
+      left = connection->response->total_size - connection->response_write_position;
       if (left > SSIZE_MAX)
 	left = SSIZE_MAX; /* cap at return value limit */
       ret = sendfile (connection->socket_fd,