On Sun, May 14, 2017 at 10:05:37AM +0200, Jurjen Oskam wrote:
> Hi,
>
> httpd crashes with a segmentation violation when servicing requests with
> the following (minimal) config file:
>
> server "default" {
>         listen on * port 80
>         block return 401
> }
>
> It starts up OK, but on the first request this happens:
>
> # httpd -d -v -v
> startup
> server_privinit: adding server default
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> server_launch: configuring server default
> server_launch: running server default
> server_launch: configuring server default
> server_launch: running server default
> server_launch: configuring server default
> server_launch: running server default
> logger exiting, pid 88769
> lost child: pid 18355 terminated; signal 11
> server exiting, pid 90619
> server exiting, pid 37360
> parent terminating, pid 91332
>
>
> Altering the listening address or port results in the same symptom.
> Using other HTTP return codes (I've tried 402, 403, 404 and 405) does
> *not* result in a crash; these seem to work as expected.
>
> This happens on OpenBSD 6.0, 6.1 as well as -current.
>
> If I can do anything to diagnose/fix this, please let me know via a
> Cc:.
>
> Regards,
>
> Jurjen Oskam

Thanks for the report. The crash occurs when stravis(3) is passed a NULL msg value. Index: server_http.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v retrieving revision 1.116 diff -u -p -r1.116 server_http.c --- server_http.c 16 Mar 2017 10:18:11 -0000 1.116 +++ server_http.c 14 May 2017 08:33:43 -0000 @@ -887,6 +887,8 @@ server_abort_http(struct client *clt, un msg = buf; break; case 401: + if (msg == NULL) + break; if (stravis(&escapedmsg, msg, VIS_DQ) == -1) { code = 500; extraheader = NULL; @@ -898,6 +900,8 @@ server_abort_http(struct client *clt, un } break; case 416: + if (msg == NULL) + break; if (asprintf(&extraheader, "Content-Range: %s\r\n", msg) == -1) { code = 500;
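
Review bot: in the first hunk (case 401), the early break on msg == NULL skips the stravis() call and everything after it in that case, so the 401 is still sent but without whatever extraheader would have been built from msg. If that is the intended result for a "block return 401" with no message, a one-line comment above the check saying so would help the next reader; otherwise consider substituting a default string for msg at this point, or rejecting a 401 block without a message when the configuration is parsed, rather than silently dropping the header.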
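
Review bot: in the second hunk (case 416), the NULL check in front of asprintf() is not covered by the explanation in the reply, which only mentions stravis(3), and the report did not exercise 416. The guard is sound, since passing a NULL pointer for the %s in "Content-Range: %s\r\n" is undefined behaviour, but it means a 416 with no msg goes out without a Content-Range header. Please say so in the commit message, and since the same two-line check now appears in both cases, consider a single check on msg before the switch or at the callers that can pass NULL.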