[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r28955 - in libmicrohttpd: . src/microhttpd
From: |
gnunet |
Subject: |
[GNUnet-SVN] r28955 - in libmicrohttpd: . src/microhttpd |
Date: |
Mon, 2 Sep 2013 23:00:31 +0200 |
Author: grothoff
Date: 2013-09-02 23:00:31 +0200 (Mon, 02 Sep 2013)
New Revision: 28955
Modified:
libmicrohttpd/ChangeLog
libmicrohttpd/src/microhttpd/connection.c
libmicrohttpd/src/microhttpd/daemon.c
Log:
fix epoll use after free
Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog 2013-09-02 18:28:26 UTC (rev 28954)
+++ libmicrohttpd/ChangeLog 2013-09-02 21:00:31 UTC (rev 28955)
@@ -1,3 +1,6 @@
+Mon Sep 2 22:59:45 CEST 2013
+ Fix use-after-free in epoll()-mode on read error. -CG
+
Sun Sep 1 21:55:53 CEST 2013
Fixing build issues on FreeBSD. -CG
Modified: libmicrohttpd/src/microhttpd/connection.c
===================================================================
--- libmicrohttpd/src/microhttpd/connection.c 2013-09-02 18:28:26 UTC (rev
28954)
+++ libmicrohttpd/src/microhttpd/connection.c 2013-09-02 21:00:31 UTC (rev
28955)
@@ -1824,7 +1824,7 @@
MHD_connection_handle_read (struct MHD_Connection *connection)
{
update_last_activity (connection);
- if (connection->state == MHD_CONNECTION_CLOSED)
+ if (MHD_CONNECTION_CLOSED == connection->state)
return MHD_YES;
/* make sure "read" has a reasonable number of bytes
in buffer to use per system call (if possible) */
@@ -2169,13 +2169,13 @@
continue;
case MHD_CONNECTION_HEADERS_RECEIVED:
parse_connection_headers (connection);
- if (connection->state == MHD_CONNECTION_CLOSED)
+ if (MHD_CONNECTION_CLOSED == connection->state)
continue;
connection->state = MHD_CONNECTION_HEADERS_PROCESSED;
continue;
case MHD_CONNECTION_HEADERS_PROCESSED:
call_connection_handler (connection); /* first call */
- if (connection->state == MHD_CONNECTION_CLOSED)
+ if (MHD_CONNECTION_CLOSED == connection->state)
continue;
if (need_100_continue (connection))
{
@@ -2208,7 +2208,7 @@
if (connection->read_buffer_offset != 0)
{
process_request_body (connection); /* loop call */
- if (connection->state == MHD_CONNECTION_CLOSED)
+ if (MHD_CONNECTION_CLOSED == connection->state)
continue;
}
if ((connection->remaining_upload_size == 0) ||
Modified: libmicrohttpd/src/microhttpd/daemon.c
===================================================================
--- libmicrohttpd/src/microhttpd/daemon.c 2013-09-02 18:28:26 UTC (rev
28954)
+++ libmicrohttpd/src/microhttpd/daemon.c 2013-09-02 21:00:31 UTC (rev
28955)
@@ -1591,7 +1591,12 @@
pos->addr_len);
#if EPOLL_SUPPORT
if (0 != (pos->epoll_state & MHD_EPOLL_STATE_IN_EREADY_EDLL))
- MHD_PANIC ("Internal error");
+ {
+ EDLL_remove (daemon->eready_head,
+ daemon->eready_tail,
+ pos);
+ pos->epoll_state &= ~MHD_EPOLL_STATE_IN_EREADY_EDLL;
+ }
if ( (0 != (daemon->options & MHD_USE_EPOLL_LINUX_ONLY)) &&
(-1 != daemon->epoll_fd) &&
(0 != (pos->epoll_state & MHD_EPOLL_STATE_IN_EPOLL_SET)) )
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r28955 - in libmicrohttpd: . src/microhttpd,
gnunet <=