On Sun, May 14, 2017 at 06:37:55PM +1000, Jonathan Gray wrote:
> On Sun, May 14, 2017 at 10:05:37AM +0200, Jurjen Oskam wrote:
> > Hi,
> > 
> > httpd crashes with a segmentation violation when servicing requests with
> > the following (minimal) config file:
> > 
> > server "default" {
> >         listen on * port 80
> >         block return 401
> > }
> > 
> > It starts up OK, but on the first request this happens:
> > 
> > # httpd -d -v -v
> > startup
> > server_privinit: adding server default
> > socket_rlimit: max open files 1024
> > socket_rlimit: max open files 1024
> > socket_rlimit: max open files 1024
> > server_launch: configuring server default
> > server_launch: running server default
> > server_launch: configuring server default
> > server_launch: running server default
> > server_launch: configuring server default
> > server_launch: running server default
> > logger exiting, pid 88769
> > lost child: pid 18355 terminated; signal 11
> > server exiting, pid 90619
> > server exiting, pid 37360
> > parent terminating, pid 91332
> > 
> > 
> > Altering the listening address or port results in the same symptom.
> > Using other HTTP return codes (I've tried 402, 403, 404 and 405) does
> > *not* result in a crash; these seem to work as expected.
> > 
> > This happens on OpenBSD 6.0, 6.1 as well as -current.
> > 
> > If I can do anything to diagnose/fix this, please let me know via a
> > Cc:.
> > 
> > Regards,
> > 
> > Jurjen Oskam
> 
> Thanks for the report.  The crash occurs when stravis(3) is passed a
> NULL msg value.

OK florian@

(I was wondering if we should set code = 500 in these cases, but that
would prevent using block return 401 / 416)

> 
> Index: server_http.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.116
> diff -u -p -r1.116 server_http.c
> --- server_http.c     16 Mar 2017 10:18:11 -0000      1.116
> +++ server_http.c     14 May 2017 08:33:43 -0000
> @@ -887,6 +887,8 @@ server_abort_http(struct client *clt, un
>               msg = buf;
>               break;
>       case 401:
> +             if (msg == NULL)
> +                     break;
>               if (stravis(&escapedmsg, msg, VIS_DQ) == -1) {
>                       code = 500;
>                       extraheader = NULL;
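
Review bot: The new early break in case 401 leaves extraheader and escapedmsg untouched, while the stravis failure path directly below it resets extraheader = NULL explicitly. Either set extraheader = NULL before the break or confirm that both pointers are initialised to NULL ahead of the switch, so the code after the switch never works with an indeterminate pointer. A one-line comment saying that msg is NULL for a bare "block return 401" would also record why the guard exists.
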
> @@ -898,6 +900,8 @@ server_abort_http(struct client *clt, un
>               }
>               break;
>       case 416:
> +             if (msg == NULL)
> +                     break;
>               if (asprintf(&extraheader,
>                   "Content-Range: %s\r\n", msg) == -1) {
>                       code = 500;
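
Review bot: In case 416 the break on msg == NULL skips the asprintf call, so the response keeps code 416 but is sent without a Content-Range line. That is a behaviour decision and not only a crash fix, so the guard should carry a short comment stating that the header is omitted on purpose when no message is configured, so that a bare "block return 416" keeps working as discussed in the thread.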
> 

-- 
I'm not entirely sure you are real.
