Browse Source

[mod_cml_lua] fix null pointer dereference

a local lua script could trigger it by not sending any files and not
  setting a last-modified header, leading to zero mtime and a buffer
  ptr = NULL which was used in http_response_handle_cachable

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2951 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.35
Stefan Bühler 8 years ago
parent
commit
ef0b353fee
  1. 1
      NEWS
  2. 10
      src/mod_cml_lua.c

1
NEWS

@ -15,6 +15,7 @@ NEWS
* [buffer] fix length check in buffer_is_equal_right_len
* fix resource leaks in error cases on config parsing and other initializations
* add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546)
* [mod_cml_lua] fix null pointer dereference
- 1.4.34
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)

10
src/mod_cml_lua.c

@ -398,26 +398,22 @@ int cache_parse_lua(server *srv, connection *con, plugin_data *p, buffer *fn) {
con->file_finished = 1;
ds = (data_string *)array_get_element(con->response.headers, "Last-Modified");
if (0 == mtime) mtime = time(NULL); /* default last-modified to now */
/* no Last-Modified specified */
if ((mtime) && (NULL == ds)) {
if (NULL == ds) {
strftime(timebuf, sizeof(timebuf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&mtime));
response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), timebuf, sizeof(timebuf) - 1);
tbuf.ptr = timebuf;
tbuf.used = sizeof(timebuf);
tbuf.size = sizeof(timebuf);
} else if (ds) {
} else {
tbuf.ptr = ds->value->ptr;
tbuf.used = ds->value->used;
tbuf.size = ds->value->size;
} else {
tbuf.size = 0;
tbuf.used = 0;
tbuf.ptr = NULL;
}
if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, &tbuf)) {

Loading…
Cancel
Save