Browse Source

Insert many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2271 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.20
Stefan Bühler 14 years ago
parent
commit
ad12e4c5b2
  1. 1
      NEWS
  2. 3
      src/http-header-glue.c
  3. 1
      src/mod_access.c
  4. 2
      src/mod_auth.c
  5. 3
      src/mod_cgi.c
  6. 2
      src/mod_dirlisting.c
  7. 1
      src/mod_evasive.c
  8. 2
      src/mod_fastcgi.c
  9. 2
      src/mod_flv_streaming.c
  10. 2
      src/mod_indexfile.c
  11. 3
      src/mod_magnet.c
  12. 1
      src/mod_mysql_vhost.c
  13. 2
      src/mod_proxy.c
  14. 1
      src/mod_redirect.c
  15. 11
      src/mod_scgi.c
  16. 2
      src/mod_secure_download.c
  17. 2
      src/mod_skeleton.c
  18. 4
      src/mod_ssi.c
  19. 2
      src/mod_status.c
  20. 2
      src/mod_trigger_b4_dl.c
  21. 1
      src/mod_uploadprogress.c

1
NEWS

@ -44,6 +44,7 @@ NEWS
* fixed round-robin balancing in mod_proxy (#1715)
* fixed EINTR handling for waitpid in mod_fastcgi
* mod_{fast,s}cgi: overwrite environment variables (#1722)
* inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
- 1.4.19 - 2008-03-10

3
src/http-header-glue.c

@ -272,6 +272,7 @@ int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
con->request.http_if_modified_since, used_len, sizeof(buf) - 1);
con->http_status = 412;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
@ -281,6 +282,7 @@ int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
con->http_status = 412;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
t_header = mktime(&tm);
@ -299,6 +301,7 @@ int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
}
} else {
con->http_status = 412;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
}

1
src/mod_access.c

@ -159,6 +159,7 @@ URIHANDLER_FUNC(mod_access_uri_handler) {
if (denied) {
con->http_status = 403;
con->mode = DIRECT;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "sb",

2
src/mod_auth.c

@ -248,6 +248,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
if (0 == strcmp(method->value->ptr, "digest")) {
if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
con->http_status = 400;
con->mode = DIRECT;
/* a field was missing */
@ -268,6 +269,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
realm = (data_string *)array_get_element(req, "realm");
con->http_status = 401;
con->mode = DIRECT;
if (0 == strcmp(method->value->ptr, "basic")) {
buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Basic realm=\""));

3
src/mod_cgi.c

@ -1180,6 +1180,8 @@ URIHANDLER_FUNC(cgi_is_handled) {
plugin_data *p = p_d;
buffer *fn = con->physical.path;
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (fn->used == 0) return HANDLER_GO_ON;
mod_cgi_patch_connection(srv, con, p);
@ -1195,6 +1197,7 @@ URIHANDLER_FUNC(cgi_is_handled) {
if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) {
if (cgi_create_env(srv, con, p, ds->value)) {
con->mode = DIRECT;
con->http_status = 500;
buffer_reset(con->physical.path);

2
src/mod_dirlisting.c

@ -869,6 +869,8 @@ URIHANDLER_FUNC(mod_dirlisting_subrequest) {
return HANDLER_GO_ON;
}
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (con->physical.path->used == 0) return HANDLER_GO_ON;
if (con->uri.path->used == 0) return HANDLER_GO_ON;
if (con->uri.path->ptr[con->uri.path->used - 2] != '/') return HANDLER_GO_ON;

1
src/mod_evasive.c

@ -177,6 +177,7 @@ URIHANDLER_FUNC(mod_evasive_uri_handler) {
"turned away. Too many connections.");
con->http_status = 403;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
}

2
src/mod_fastcgi.c

@ -3464,6 +3464,8 @@ static handler_t fcgi_check_extension(server *srv, connection *con, void *p_d, i
fcgi_extension *extension = NULL;
fcgi_extension_host *host = NULL;
if (con->mode != DIRECT) return HANDLER_GO_ON;
/* Possibly, we processed already this request */
if (con->file_started == 1) return HANDLER_GO_ON;

2
src/mod_flv_streaming.c

@ -193,6 +193,8 @@ URIHANDLER_FUNC(mod_flv_streaming_path_handler) {
UNUSED(srv);
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON;
mod_flv_streaming_patch_connection(srv, con, p);

2
src/mod_indexfile.c

@ -140,6 +140,8 @@ URIHANDLER_FUNC(mod_indexfile_subrequest) {
size_t k;
stat_cache_entry *sce = NULL;
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (con->uri.path->used == 0) return HANDLER_GO_ON;
if (con->uri.path->ptr[con->uri.path->used - 2] != '/') return HANDLER_GO_ON;

3
src/mod_magnet.c

@ -653,6 +653,7 @@ static handler_t magnet_attract(server *srv, connection *con, plugin_data *p, bu
assert(lua_gettop(L) == 0); /* only the function should be on the stack */
con->http_status = 500;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
@ -750,6 +751,7 @@ static handler_t magnet_attract(server *srv, connection *con, plugin_data *p, bu
assert(lua_gettop(L) == 1); /* only the function should be on the stack */
con->http_status = 500;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
@ -778,6 +780,7 @@ static handler_t magnet_attract(server *srv, connection *con, plugin_data *p, bu
} else {
/* } catch () { */
con->http_status = 500;
con->mode = DIRECT;
}
assert(lua_gettop(L) == 1); /* only the function should be on the stack */

1
src/mod_mysql_vhost.c

@ -410,6 +410,7 @@ GO_ON: buffer_copy_string_buffer(con->server_name, c->server_name);
ERR500: if (result) mysql_free_result(result);
con->http_status = 500; /* Internal Error */
con->mode = DIRECT;
return HANDLER_FINISHED;
}

2
src/mod_proxy.c

@ -1060,6 +1060,8 @@ static handler_t mod_proxy_check_extension(server *srv, connection *con, void *p
data_array *extension = NULL;
size_t path_info_offset;
if (con->mode != DIRECT) return HANDLER_GO_ON;
/* Possibly, we processed already this request */
if (con->file_started == 1) return HANDLER_GO_ON;

1
src/mod_redirect.c

@ -253,6 +253,7 @@ static handler_t mod_redirect_uri_handler(server *srv, connection *con, void *p_
response_header_insert(srv, con, CONST_STR_LEN("Location"), CONST_BUF_LEN(p->location));
con->http_status = 301;
con->mode = DIRECT;
con->file_finished = 1;
return HANDLER_FINISHED;

11
src/mod_scgi.c

@ -1187,11 +1187,6 @@ void scgi_connection_cleanup(server *srv, handler_ctx *hctx) {
p = hctx->plugin_data;
con = hctx->remote_conn;
if (con->mode != p->id) {
WP();
return;
}
if (hctx->fd != -1) {
fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
fdevent_unregister(srv->ev, hctx->fd);
@ -2469,15 +2464,11 @@ static handler_t scgi_connection_close(server *srv, handler_ctx *hctx) {
p = hctx->plugin_data;
con = hctx->remote_conn;
if (con->mode != p->id) return HANDLER_GO_ON;
log_error_write(srv, __FILE__, __LINE__, "ssdsd",
"emergency exit: scgi:",
"connection-fd:", con->fd,
"fcgi-fd:", hctx->fd);
scgi_connection_cleanup(srv, hctx);
return HANDLER_FINISHED;
@ -2704,6 +2695,8 @@ static handler_t scgi_check_extension(server *srv, connection *con, void *p_d, i
scgi_extension *extension = NULL;
scgi_extension_host *host = NULL;
if (con->mode != DIRECT) return HANDLER_GO_ON;
/* Possibly, we processed already this request */
if (con->file_started == 1) return HANDLER_GO_ON;

2
src/mod_secure_download.c

@ -204,6 +204,8 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) {
time_t ts = 0;
size_t i;
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (con->uri.path->used == 0) return HANDLER_GO_ON;
mod_secdownload_patch_connection(srv, con, p);

2
src/mod_skeleton.c

@ -169,6 +169,8 @@ URIHANDLER_FUNC(mod_skeleton_uri_handler) {
UNUSED(srv);
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (con->uri.path->used == 0) return HANDLER_GO_ON;
mod_skeleton_patch_connection(srv, con, p);

4
src/mod_ssi.c

@ -1027,6 +1027,7 @@ static int mod_ssi_handle_request(server *srv, connection *con, plugin_data *p)
con->file_started = 1;
con->file_finished = 1;
con->mode = p->id;
response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
@ -1094,6 +1095,8 @@ URIHANDLER_FUNC(mod_ssi_physical_path) {
plugin_data *p = p_d;
size_t k;
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (con->physical.path->used == 0) return HANDLER_GO_ON;
mod_ssi_patch_connection(srv, con, p);
@ -1109,6 +1112,7 @@ URIHANDLER_FUNC(mod_ssi_physical_path) {
if (mod_ssi_handle_request(srv, con, p)) {
/* on error */
con->http_status = 500;
con->mode = DIRECT;
}
return HANDLER_FINISHED;

2
src/mod_status.c

@ -792,6 +792,8 @@ static int mod_status_patch_connection(server *srv, connection *con, plugin_data
static handler_t mod_status_handler(server *srv, connection *con, void *p_d) {
plugin_data *p = p_d;
if (con->mode != DIRECT) return HANDLER_GO_ON;
mod_status_patch_connection(srv, con, p);
if (!buffer_is_empty(p->conf.status_url) &&

2
src/mod_trigger_b4_dl.c

@ -316,6 +316,8 @@ URIHANDLER_FUNC(mod_trigger_b4_dl_uri_handler) {
# define N 10
int ovec[N * 3];
if (con->mode != DIRECT) return HANDLER_GO_ON;
if (con->uri.path->used == 0) return HANDLER_GO_ON;
mod_trigger_b4_dl_patch_connection(srv, con, p);

1
src/mod_uploadprogress.c

@ -355,6 +355,7 @@ URIHANDLER_FUNC(mod_uploadprogress_uri_handler) {
con->file_finished = 1;
con->http_status = 200;
con->mode = DIRECT;
/* get the connection */
if (NULL == (post_con = connection_map_get_connection(p->con_map, b))) {

Loading…
Cancel
Save