diff options
author | Christian Grothoff <christian@grothoff.org> | 2011-03-11 21:30:24 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-03-11 21:30:24 +0000 |
commit | cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4 (patch) | |
tree | 88591962c2ae54dfa0337aa7c4e461dfdeb39c50 /README | |
parent | 4899ea8e77e76368bcd2c22b51f28b6877f6b529 (diff) | |
download | libmicrohttpd-cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4.tar.gz libmicrohttpd-cd8920a28dbdc0eeb2c58bacd80b7a215baecbd4.zip |
libmicrohttpd] bug in MHD_create_response_from_fd_at_offset()
From:
Eivind Sarto <ivan@espial.com>
To:
"libmicrohttpd@gnu.org" <libmicrohttpd@gnu.org>
Date:
Today 09:32:21 pm
Spam Status: Spamassassin 0% probability of being spam.
Full report:
Probability=No, score=-2.6 required=7.0 tests=BAYES_00 autolearn=ham version=3.2.5-tuminfo_1
There appears to be a bug in MHD_create_response_from_fd_at_offset().
Calling this function with anything other than a zero offset will cause wrong data
or no data (sendfile fails if length < 0).
If you use this call with any application that uses ranges, this bug will trigger.
In src/daemon/daemon.c: send_param_adapter()
.....
/* can use sendfile */
offset = (off_t) connection->response_write_position + connection->response->fd_off;
#ifdef BUGFIX
/* correct */
left = connection->response->total_size - connection->response_write_position;
#else
left = connection->response->total_size - offset;
#endif
if (left > SSIZE_MAX)
left = SSIZE_MAX; /* cap at return value limit */
ret = sendfile (connection->socket_fd,
fd,
&offset,
left);
-eivind
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions