libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] Bug in MHD_itc_destroy_(itc) and MHD_fd_close_chk_(fd)


From: Michael Kaufmann
Subject: [libmicrohttpd] Bug in MHD_itc_destroy_(itc) and MHD_fd_close_chk_(fd)
Date: Mon, 08 Apr 2019 14:01:10 +0200
User-agent: Horde Application Framework 5

Hi,

after updating from libmicrohttpd 0.9.59 to 0.9.63, I get these core dumps:

#0  0x00007f7c281c6207 in raise () from /lib64/libc.so.6
#1  0x00007f7c281c78f8 in abort () from /lib64/libc.so.6
#2 0x00007f7c298dbacf in mhd_panic_std (cls=<optimized out>, file=<optimized out>, line=<optimized out>, reason=<optimized out>) at daemon.c:149 #3 0x00007f7c298dfa1a in MHD_stop_daemon (daemon=0x55ec397c61e0) at daemon.c:6654
...

I think there is a bug in MHD_itc_destroy_(itc) in the files src/microhttpd/mhd_itc.h and src/lib/mhd_itc.h.

Current code:
#define MHD_itc_destroy_(itc) ((0 != close ((itc).fd)) || (EBADF != errno))

So if close() succeeds, it returns 0, and errno is checked in that case. If errno happens to be EBADF, mhd_panic_std() is called. errno should only be checked if the close() call failed.

Proposed bugfix:
#define MHD_itc_destroy_(itc) ((0 == close ((itc).fd)) || (EBADF != errno))


There is also a bug in MHD_fd_close_chk_(fd), in the files src/microhttpd/internal.h and src/lib/internal.h:

#define MHD_fd_close_chk_(fd) do {             \
    if (0 == close ((fd)) && (EBADF == errno)) \
      MHD_PANIC(_("Failed to close FD.\n"));   \
  } while(0)


This should be changed to:

#define MHD_fd_close_chk_(fd) do {             \
    if (0 != close ((fd)) && (EBADF == errno)) \
      MHD_PANIC(_("Failed to close FD.\n"));   \
  } while(0)


See also https://bugs.gnunet.org/view.php?id=3926

Regards,
Michael




reply via email to

[Prev in Thread] Current Thread [Next in Thread]