libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] bug in MHD_create_response_from_fd_at_offset()


From: Eivind Sarto
Subject: [libmicrohttpd] bug in MHD_create_response_from_fd_at_offset()
Date: Fri, 11 Mar 2011 15:32:21 -0500

There appears to be a bug in  MHD_create_response_from_fd_at_offset().
Calling this function with anything other than a zero offset will cause wrong 
data
or no data (sendfile fails if length < 0).

If you use this call with any application that uses ranges, this bug will 
trigger.

In src/daemon/daemon.c: send_param_adapter()
      .....
      /* can use sendfile */
      offset = (off_t) connection->response_write_position + 
connection->response->fd_off;
#ifdef BUGFIX
      /* correct */
      left = connection->response->total_size -  
connection->response_write_position;
#else
      left = connection->response->total_size - offset;
#endif
      if (left > SSIZE_MAX)
        left = SSIZE_MAX; /* cap at return value limit */
      ret = sendfile (connection->socket_fd,
                      fd,
                      &offset,
                      left);


-eivind




reply via email to

[Prev in Thread] Current Thread [Next in Thread]