Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070918202017-dd049-535df69a2d49412a9169235bcbe74ab160c034c7.gz;
[lighttpd-1.4.16-1terminus2-x86_64 voroskoi <[EMAIL PROTECTED]>**20070918202017 secfix relbump, closes #2410 ] { hunk ./source/network-extra/lighttpd/FrugalBuild 7 -pkgrel=1terminus1 +pkgrel=1terminus2 hunk ./source/network-extra/lighttpd/FrugalBuild 13 - $pkgname.conf rc.$pkgname index.html http://frugalware.org/images/frugalware.png) + $pkgname.conf rc.$pkgname index.html http://frugalware.org/images/frugalware.png \ + lighttpd-1.4.x_mod_fastcgi_overrun.patch) hunk ./source/network-extra/lighttpd/FrugalBuild 38 - hunk ./source/network-extra/lighttpd/FrugalBuild 42 - '62fdfe9e07b2b55be660bd107bb6e1c742d90a3e') + '62fdfe9e07b2b55be660bd107bb6e1c742d90a3e' \ + 'e3242012652f76addaeda55d5d2b4a722ea69eba') + addfile ./source/network-extra/lighttpd/lighttpd-1.4.x_mod_fastcgi_overrun.patch hunk ./source/network-extra/lighttpd/lighttpd-1.4.x_mod_fastcgi_overrun.patch 1 +diff -aur lighttpd-1.4.16.orig/src/mod_fastcgi.c lighttpd-1.4.16/src/mod_fastcgi.c +--- lighttpd-1.4.16.orig/src/mod_fastcgi.c 2007-09-18 21:57:35.000000000 +0200 ++++ lighttpd-1.4.16/src/mod_fastcgi.c 2007-09-18 22:02:59.000000000 +0200 +@@ -54,6 +54,12 @@ + #include <sys/wait.h> + #endif + ++#define FCGI_ENV_ADD_CHECK(ret, con) \ ++ if (ret == -1) { \ ++ con->http_status = 400; \ ++ con->file_finished = 1; \ ++ return -1; \ ++ }; + + /* + * +@@ -1575,6 +1581,21 @@ + len += key_len > 127 ? 4 : 1; + len += val_len > 127 ? 
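Review bot: `FCGI_ENV_ADD_CHECK`, added in the `@@ -54,6 +54,12 @@` hunk, expands to a bare `if { … };` with unparenthesized arguments, so it only behaves as one statement where the caller has already put it inside braces. As the body of an unbraced `if`/`else`, the trailing `;` would detach the `else`. It also hides a `return -1` from anyone reading the call sites, which deserves a comment on the macro. Wrapping it in `do { … } while (0)` and parenthesizing `ret` and `con` fixes the expansion. The call sites in the later hunks that omit the trailing semicolon (for example the `SERVER_SOFTWARE` line in `@@ -1829,10 +1852,10 @@`) would then need one added.

```c
/* NOTE: returns -1 from the calling function when ret signals failure */
#define FCGI_ENV_ADD_CHECK(ret, con) \
	do { \
		if ((ret) == -1) { \
			(con)->http_status = 400; \
			(con)->file_finished = 1; \
			return -1; \
		} \
	} while (0)
```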
4 : 1; + ++ if (env->used + len >= FCGI_MAX_LENGTH) { ++ /** ++ * we can't append more headers, ignore it ++ */ ++ return -1; ++ } ++ ++ /** ++ * field length can be 31bit max ++ * ++ * HINT: this can't happen as FCGI_MAX_LENGTH is only 16bit ++ */ ++ if (key_len > 0x7fffffff) key_len = 0x7fffffff; ++ if (val_len > 0x7fffffff) val_len = 0x7fffffff; ++ + buffer_prepare_append(env, len); + + if (key_len > 127) { +@@ -1604,6 +1625,8 @@ + } + + static int fcgi_header(FCGI_Header * header, unsigned char type, size_t request_id, int contentLength, unsigned char paddingLength) { ++ assert(contentLength <= FCGI_MAX_LENGTH); ++ + header->version = FCGI_VERSION_1; + header->type = type; + header->requestIdB0 = request_id & 0xff; +@@ -1758,7 +1781,7 @@ + } + srv->tmp_buf->ptr[srv->tmp_buf->used++] = '\0'; + +- fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)),con); + } + } + +@@ -1785,7 +1808,7 @@ + } + srv->tmp_buf->ptr[srv->tmp_buf->used++] = '\0'; + +- fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)), con); + } + } + +@@ -1829,10 +1852,10 @@ + buffer_prepare_copy(p->fcgi_env, 1024); + + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_NAME"/"PACKAGE_VERSION)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_NAME"/"PACKAGE_VERSION)),con) + + if (con->server_name->used) { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), CONST_BUF_LEN(con->server_name)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), CONST_BUF_LEN(con->server_name)),con) + } else { + #ifdef HAVE_IPV6 + s = inet_ntop(srv_sock->addr.plain.sa_family, +@@ -1843,10 +1866,10 @@ + #else + s = 
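Review bot: In the `@@ -1575,6 +1581,21 @@` hunk the clamp of `key_len` and `val_len` to `0x7fffffff` runs after `len` has been accumulated from the unclamped values (the `len += key_len > 127 ? 4 : 1;` context lines just above). If it ever fired, the space reserved by `buffer_prepare_append(env, len)` and the bytes later written would be based on different lengths, and the backend would receive a silently truncated name or value. The hunk's own comment says the case is unreachable because of the `FCGI_MAX_LENGTH` test, so rejecting is safer than clamping: `if (key_len > 0x7fffffff || val_len > 0x7fffffff) return -1;`, placed before the length arithmetic. The start of the function and the initial computation of `len` are outside the hunk, so the exact types involved should be confirmed there.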
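Review bot: `assert(contentLength <= FCGI_MAX_LENGTH);` in the `@@ -1604,6 +1625,8 @@` hunk is the only bound `fcgi_header` places on the record length, and an assert is the wrong tool for a protocol limit. It disappears in builds compiled with `NDEBUG`, and where it is active a violation aborts the whole server process rather than failing one request. Because `contentLength` is an `int`, a negative value also passes the test. The function already returns `int`, so an explicit check such as `if (contentLength < 0 || contentLength > FCGI_MAX_LENGTH) return -1;` would work, provided callers test the result; the `fcgi_header(&(header), FCGI_PARAMS, …)` call visible in the `@@ -2006,34 +2029,34 @@` hunk currently ignores it. The rest of the function body lies outside the hunk.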
inet_ntoa(srv_sock->addr.ipv4.sin_addr); + #endif +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)),con) + } + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1")); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1")),con) + + ltostr(buf, + #ifdef HAVE_IPV6 +@@ -1856,7 +1879,7 @@ + #endif + ); + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)),con) + + /* get the server-side of the connection to the client */ + our_addr_len = sizeof(our_addr); +@@ -1866,7 +1889,7 @@ + } else { + s = inet_ntop_cache_get_ip(srv, &(our_addr)); + } +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)),con) + + ltostr(buf, + #ifdef HAVE_IPV6 +@@ -1876,10 +1899,10 @@ + #endif + ); + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)),con) + + s = inet_ntop_cache_get_ip(srv, &(con->dst_addr)); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)),con) + + if (!buffer_is_empty(con->authed_user)) { + /* AUTH_TYPE fix by Troy Kruthoff ([EMAIL PROTECTED]) +@@ -1895,7 +1918,7 @@ + char *http_authorization = NULL; + data_string *ds; + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user)),con) + + if (NULL != (ds = (data_string *)array_get_element(con->request.headers, 
"Authorization"))) { + http_authorization = ds->value->ptr; +@@ -1919,7 +1942,7 @@ + + /* request.content_length < SSIZE_MAX, see request.c */ + ltostr(buf, con->request.content_length); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf)),con) + } + + if (host->mode != FCGI_AUTHORIZER) { +@@ -1930,10 +1953,10 @@ + * For AUTHORIZER mode these headers should be omitted. + */ + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path)),con) + + if (!buffer_is_empty(con->request.pathinfo)) { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo)),con) + + /* PATH_TRANSLATED is only defined if PATH_INFO is set */ + +@@ -1943,9 +1966,9 @@ + buffer_copy_string_buffer(p->path, con->physical.doc_root); + } + buffer_append_string_buffer(p->path, con->request.pathinfo); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path)),con) + } else { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_STR_LEN("")); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_STR_LEN("")),con) + } + } + +@@ -1966,8 +1989,8 @@ + buffer_copy_string_buffer(p->path, host->docroot); + buffer_append_string_buffer(p->path, con->uri.path); + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path)); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(host->docroot)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), 
CONST_BUF_LEN(p->path)),con) ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(host->docroot)),con) + } else { + buffer_copy_string_buffer(p->path, con->physical.path); + +@@ -1979,8 +2002,8 @@ + buffer_append_string_buffer(p->path, con->request.pathinfo); + } + +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path)); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.doc_root)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path)),con) ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.doc_root)),con) + } + + if (host->strip_request_uri->used > 1) { +@@ -2006,34 +2029,34 @@ + con->request.orig_uri->ptr + (host->strip_request_uri->used - 2), + con->request.orig_uri->used - (host->strip_request_uri->used - 2)); + } else { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)),con) + } + } else { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)),con) + } + if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(con->request.uri)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(con->request.uri)),con) + } + if (!buffer_is_empty(con->uri.query)) { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)),con) + } else { +- fcgi_env_add(p->fcgi_env, 
CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN("")); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN("")),con) + } + + s = get_http_method_name(con->request.http_method); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s)); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); /* if php is compiled with --force-redirect */ ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s)),con) ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")),con) /* if php is compiled with --force-redirect */ + s = get_http_version_name(con->request.http_version); +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s)); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s)),con) + + #ifdef USE_OPENSSL + if (srv_sock->is_ssl) { +- fcgi_env_add(p->fcgi_env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")),con) + } + #endif + + +- fcgi_env_add_request_headers(srv, con, p); ++ FCGI_ENV_ADD_CHECK(fcgi_env_add_request_headers(srv, con, p), con); + + fcgi_header(&(header), FCGI_PARAMS, request_id, p->fcgi_env->used, 0); + buffer_append_memory(b, (const char *)&header, sizeof(header)); +@@ -2928,10 +2951,8 @@ + } + + /* fall through */ +- fcgi_create_env(srv, hctx, hctx->request_id); +- ++ if (-1 == fcgi_create_env(srv, hctx, hctx->request_id)) return HANDLER_ERROR; + fcgi_set_state(srv, hctx, FCGI_STATE_WRITE); +- + /* fall through */ + case FCGI_STATE_WRITE: + ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb); +@@ -3113,7 +3134,7 @@ + + buffer_reset(con->physical.path); + con->mode = DIRECT; +- con->http_status = 503; ++ if (con->http_status != 400) con->http_status = 503; + joblist_append(srv, con); /* really ? 
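Review bot: One call in the `@@ -2006,34 +2029,34 @@` hunk is left without the new check: the two context lines at the top ending in `con->request.orig_uri->used - (host->strip_request_uri->used - 2));` close a call that the patch does not wrap. Its opening line is outside the hunk, but it looks like the `REQUEST_URI` `fcgi_env_add` for the `strip_request_uri` case. If so, a `-1` from the new length limit is dropped on that path and the request is still forwarded to the backend with `REQUEST_URI` missing, while every sibling branch now fails the request with 400. Wrapping it the same way, `FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), …), con)`, would make the branches consistent.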
*/ + + return HANDLER_FINISHED; } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs
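Review bot: `if (con->http_status != 400) con->http_status = 503;` in the `@@ -3113,7 +3134,7 @@` hunk depends on an undocumented coupling: it works only because `FCGI_ENV_ADD_CHECK` is assumed to be the one place that sets 400 before this error path runs. Nothing in the line says so, and whether another code path can reach it with 400 already set is not visible from the hunk. A comment would record the intent, for example `/* keep the 400 set by FCGI_ENV_ADD_CHECK (FastCGI environment too large); any other failure here is a backend problem */`. The enclosing function starts outside the hunk.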