
[GNUnet-SVN] r28955 - in libmicrohttpd: . src/microhttpd


From: gnunet
Subject: [GNUnet-SVN] r28955 - in libmicrohttpd: . src/microhttpd
Date: Mon, 2 Sep 2013 23:00:31 +0200

Author: grothoff
Date: 2013-09-02 23:00:31 +0200 (Mon, 02 Sep 2013)
New Revision: 28955

Modified:
   libmicrohttpd/ChangeLog
   libmicrohttpd/src/microhttpd/connection.c
   libmicrohttpd/src/microhttpd/daemon.c
Log:
fix epoll use after free

Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog     2013-09-02 18:28:26 UTC (rev 28954)
+++ libmicrohttpd/ChangeLog     2013-09-02 21:00:31 UTC (rev 28955)
@@ -1,3 +1,6 @@
+Mon Sep  2 22:59:45 CEST 2013
+       Fix use-after-free in epoll()-mode on read error. -CG
+
 Sun Sep  1 21:55:53 CEST 2013
        Fixing build issues on FreeBSD. -CG
 

Modified: libmicrohttpd/src/microhttpd/connection.c
===================================================================
--- libmicrohttpd/src/microhttpd/connection.c   2013-09-02 18:28:26 UTC (rev 
28954)
+++ libmicrohttpd/src/microhttpd/connection.c   2013-09-02 21:00:31 UTC (rev 
28955)
@@ -1824,7 +1824,7 @@
 MHD_connection_handle_read (struct MHD_Connection *connection)
 {
   update_last_activity (connection);
-  if (connection->state == MHD_CONNECTION_CLOSED)
+  if (MHD_CONNECTION_CLOSED == connection->state)
     return MHD_YES;
   /* make sure "read" has a reasonable number of bytes
      in buffer to use per system call (if possible) */
@@ -2169,13 +2169,13 @@
           continue;
         case MHD_CONNECTION_HEADERS_RECEIVED:
           parse_connection_headers (connection);
-          if (connection->state == MHD_CONNECTION_CLOSED)
+          if (MHD_CONNECTION_CLOSED == connection->state)
             continue;
           connection->state = MHD_CONNECTION_HEADERS_PROCESSED;
           continue;
         case MHD_CONNECTION_HEADERS_PROCESSED:
           call_connection_handler (connection); /* first call */
-          if (connection->state == MHD_CONNECTION_CLOSED)
+          if (MHD_CONNECTION_CLOSED == connection->state)
             continue;
           if (need_100_continue (connection))
             {
@@ -2208,7 +2208,7 @@
           if (connection->read_buffer_offset != 0)
             {
               process_request_body (connection);     /* loop call */
-              if (connection->state == MHD_CONNECTION_CLOSED)
+              if (MHD_CONNECTION_CLOSED == connection->state)
                 continue;
             }
           if ((connection->remaining_upload_size == 0) ||

Modified: libmicrohttpd/src/microhttpd/daemon.c
===================================================================
--- libmicrohttpd/src/microhttpd/daemon.c       2013-09-02 18:28:26 UTC (rev 
28954)
+++ libmicrohttpd/src/microhttpd/daemon.c       2013-09-02 21:00:31 UTC (rev 
28955)
@@ -1591,7 +1591,12 @@
                        pos->addr_len);
 #if EPOLL_SUPPORT
       if (0 != (pos->epoll_state & MHD_EPOLL_STATE_IN_EREADY_EDLL))
-       MHD_PANIC ("Internal error");
+       {
+         EDLL_remove (daemon->eready_head,
+                      daemon->eready_tail,
+                      pos);
+         pos->epoll_state &= ~MHD_EPOLL_STATE_IN_EREADY_EDLL;
+       }
       if ( (0 != (daemon->options & MHD_USE_EPOLL_LINUX_ONLY)) &&
           (-1 != daemon->epoll_fd) &&
           (0 != (pos->epoll_state & MHD_EPOLL_STATE_IN_EPOLL_SET)) )
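Review bot: The new branch that replaces `MHD_PANIC ("Internal error")` has no comment saying why a connection can still be on the eready list at this point, although the old code treated that state as impossible. The ChangeLog entry ties it to a read error in epoll() mode, so a short comment above the `EDLL_remove` call would record the invariant, for example `/* connection may still be queued as ready (e.g. closed after a read error); unlink it so the eready list holds no pointer to it once it is released */`. Presumably `pos` is released further down in this function, which starts and ends outside the hunk, so please confirm that nothing after this block re-adds `pos` to the list or sets `MHD_EPOLL_STATE_IN_EREADY_EDLL` again before the release. A regression test that forces a read error on an epoll-mode connection would keep this path covered.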



