diff options
| author | Christian Grothoff <christian@grothoff.org> | 2011-03-11 21:30:24 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2011-03-11 21:30:24 +0000 |
| commit | cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4 (patch) | |
| tree | 88591962c2ae54dfa0337aa7c4e461dfdeb39c50 | |
| parent | 4899ea8e77e76368bcd2c22b51f28b6877f6b529 (diff) | |
| download | libmicrohttpd-cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4.tar.gz libmicrohttpd-cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4.zip | |
libmicrohttpd] bug in MHD_create_response_from_fd_at_offset()
From:
Eivind Sarto <ivan@espial.com>
To:
"libmicrohttpd@gnu.org" <libmicrohttpd@gnu.org>
Date:
Today 09:32:21 pm
Spam Status: Spamassassin 0% probability of being spam.
Full report:
Probability=No, score=-2.6 required=7.0 tests=BAYES_00 autolearn=ham version=3.2.5-tuminfo_1
There appears to be a bug in MHD_create_response_from_fd_at_offset().
Calling this function with anything other than a zero offset will cause wrong data
or no data (sendfile fails if length < 0).
If you use this call with any application that uses ranges, this bug will trigger.
In src/daemon/daemon.c: send_param_adapter()
.....
/* can use sendfile */
offset = (off_t) connection->response_write_position + connection->response->fd_off;
#ifdef BUGFIX
/* correct */
left = connection->response->total_size - connection->response_write_position;
#else
left = connection->response->total_size - offset;
#endif
if (left > SSIZE_MAX)
left = SSIZE_MAX; /* cap at return value limit */
ret = sendfile (connection->socket_fd,
fd,
&offset,
left);
-eivind
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/daemon/daemon.c | 2 |
3 files changed, 5 insertions, 1 deletions
| @@ -29,6 +29,7 @@ Piotr Grzybowski <narsil.pl@gmail.com> | |||
| 29 | Gerrit Telkamp <g.telkamp@domologic.de> | 29 | Gerrit Telkamp <g.telkamp@domologic.de> |
| 30 | Erik Slagter <erik@slagter.name> | 30 | Erik Slagter <erik@slagter.name> |
| 31 | Andreas Wehrmann <a.wehrmann@centersystems.com> | 31 | Andreas Wehrmann <a.wehrmann@centersystems.com> |
| 32 | Eivind Sarto <ivan@espial.com> | ||
| 32 | 33 | ||
| 33 | Documentation contributions also came from: | 34 | Documentation contributions also came from: |
| 34 | Marco Maggi <marco.maggi-ipsu@poste.it> | 35 | Marco Maggi <marco.maggi-ipsu@poste.it> |
| @@ -1,3 +1,6 @@ | |||
| 1 | Fri Mar 11 22:25:29 CET 2011 | ||
| 2 | Fixing bug in MHD_create_response_from_fd_at_offset with non-zero offsets. -ES | ||
| 3 | |||
| 1 | Sat Mar 5 22:00:36 CET 2011 | 4 | Sat Mar 5 22:00:36 CET 2011 |
| 2 | Do not use POLLRDHUP, which causes build errors on OS X / OpenSolaris | 5 | Do not use POLLRDHUP, which causes build errors on OS X / OpenSolaris |
| 3 | (#1667). -CG | 6 | (#1667). -CG |
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index efa8b018..23836168 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
| @@ -746,7 +746,7 @@ send_param_adapter (struct MHD_Connection *connection, | |||
| 746 | { | 746 | { |
| 747 | /* can use sendfile */ | 747 | /* can use sendfile */ |
| 748 | offset = (off_t) connection->response_write_position + connection->response->fd_off; | 748 | offset = (off_t) connection->response_write_position + connection->response->fd_off; |
| 749 | left = connection->response->total_size - offset; | 749 | left = connection->response->total_size - connection->response_write_position; |
| 750 | if (left > SSIZE_MAX) | 750 | if (left > SSIZE_MAX) |
| 751 | left = SSIZE_MAX; /* cap at return value limit */ | 751 | left = SSIZE_MAX; /* cap at return value limit */ |
| 752 | ret = sendfile (connection->socket_fd, | 752 | ret = sendfile (connection->socket_fd, |