[mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)

Reference: Fortify Open Review Project - lighttpd 1.4.39 ID 22708161 - Unreleased Resource ID 22708163 - Unreleased Resource From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3097 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-14 18:07:01 +00:00 · 2016-03-14 18:07:01 +00:00 · c5a42e932f
parent 2a8f73e7d4
commit c5a42e932f
3 changed files with 44 additions and 22 deletions
--- a/1
+++ b/1
@ -26,6 +26,7 @@ NEWS
  * [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
  * [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
  * [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
+  * [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)

 - 1.4.39 - 2016-01-02
  * [core] fix memset_s call (fixes #2698)
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@ -834,10 +834,24 @@ static int parse_binpath(char_array *env, buffer *b) {
 	return 0;
 }

+#if !defined(HAVE_FORK)
 static int fcgi_spawn_connection(server *srv,
-				 plugin_data *p,
-				 fcgi_extension_host *host,
-				 fcgi_proc *proc) {
+                                 plugin_data *p,
+                                 fcgi_extension_host *host,
+                                 fcgi_proc *proc) {
+	UNUSED(srv);
+	UNUSED(p);
+	UNUSED(host);
+	UNUSED(proc);
+	return -1;
+}
+
+#else /* -> defined(HAVE_FORK) */
+
+static int fcgi_spawn_connection(server *srv,
+                                 plugin_data *p,
+                                 fcgi_extension_host *host,
+                                 fcgi_proc *proc) {
 	int fcgi_fd;
 	int socket_type, status;
 	struct timeval tv = { 0, 100 * 1000 };
@ -849,10 +863,6 @@ static int fcgi_spawn_connection(server *srv,

 	socklen_t servlen;

-#ifndef HAVE_FORK
-	return -1;
-#endif
-
 	if (p->conf.debug) {
 		log_error_write(srv, __FILE__, __LINE__, "sdb",
 				"new proc, socket:", proc->port, proc->unixsocket);
@ -986,7 +996,6 @@ static int fcgi_spawn_connection(server *srv,
 			return -1;
 		}

-#ifdef HAVE_FORK
 		switch ((child = fork())) {
 		case 0: {
 			size_t i = 0;
@ -1082,9 +1091,11 @@ static int fcgi_spawn_connection(server *srv,
 		}
 		case -1:
 			/* error */
+			close(fcgi_fd);
 			break;
 		default:
 			/* father */
+			close(fcgi_fd);

 			/* wait */
 			select(0, NULL, NULL, NULL, &tv);
@ -1134,8 +1145,8 @@ static int fcgi_spawn_connection(server *srv,

 			break;
 		}
-#endif
 	} else {
+		close(fcgi_fd);
 		proc->is_local = 0;
 		proc->pid = 0;

@ -1149,11 +1160,10 @@ static int fcgi_spawn_connection(server *srv,
 	proc->state = PROC_STATE_RUNNING;
 	host->active_procs++;

-	close(fcgi_fd);
-
 	return 0;
 }

+#endif /* HAVE_FORK */

 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
 	plugin_data *p = p_d;
--- a/src/mod_scgi.c
+++ b/src/mod_scgi.c
@ -641,10 +641,24 @@ static int env_add(char_array *env, const char *key, size_t key_len, const char
 	return 0;
 }

+#if !defined(HAVE_FORK)
 static int scgi_spawn_connection(server *srv,
-				 plugin_data *p,
-				 scgi_extension_host *host,
-				 scgi_proc *proc) {
+                                 plugin_data *p,
+                                 scgi_extension_host *host,
+                                 scgi_proc *proc) {
+	UNUSED(srv);
+	UNUSED(p);
+	UNUSED(host);
+	UNUSED(proc);
+	return -1;
+}
+
+#else /* -> defined(HAVE_FORK) */
+
+static int scgi_spawn_connection(server *srv,
+                                 plugin_data *p,
+                                 scgi_extension_host *host,
+                                 scgi_proc *proc) {
 	int scgi_fd;
 	int socket_type, status;
 	struct timeval tv = { 0, 100 * 1000 };
@ -656,10 +670,6 @@ static int scgi_spawn_connection(server *srv,

 	socklen_t servlen;

-#ifndef HAVE_FORK
-	return -1;
-#endif
-
 	if (p->conf.debug) {
 		log_error_write(srv, __FILE__, __LINE__, "sdb",
 				"new proc, socket:", proc->port, proc->socket);
@ -780,7 +790,6 @@ static int scgi_spawn_connection(server *srv,
 			return -1;
 		}

-#ifdef HAVE_FORK
 		switch ((child = fork())) {
 		case 0: {
 			buffer *b;
@ -861,9 +870,11 @@ static int scgi_spawn_connection(server *srv,
 		}
 		case -1:
 			/* error */
+			close(scgi_fd);
 			break;
 		default:
 			/* father */
+			close(scgi_fd);

 			/* wait */
 			select(0, NULL, NULL, NULL, &tv);
@ -902,8 +913,9 @@ static int scgi_spawn_connection(server *srv,

 			break;
 		}
-#endif
 	} else {
+		close(scgi_fd);
+
 		proc->is_local = 0;
 		proc->pid = 0;

@ -917,11 +929,10 @@ static int scgi_spawn_connection(server *srv,
 	proc->state = PROC_STATE_RUNNING;
 	host->active_procs++;

-	close(scgi_fd);
-
 	return 0;
 }

+#endif /* HAVE_FORK */

 SETDEFAULTS_FUNC(mod_scgi_set_defaults) {
 	plugin_data *p = p_d;