[libmicrohttpd] Bug in MHD_itc_destroy_(itc) and MHD_fd_close_chk_(fd)
From: Michael Kaufmann
Subject: [libmicrohttpd] Bug in MHD_itc_destroy_(itc) and MHD_fd_close_chk_(fd)
Date: Mon, 08 Apr 2019 14:01:10 +0200
User-agent: Horde Application Framework 5
Hi,
after updating from libmicrohttpd 0.9.59 to 0.9.63, I get these core dumps:
#0 0x00007f7c281c6207 in raise () from /lib64/libc.so.6
#1 0x00007f7c281c78f8 in abort () from /lib64/libc.so.6
#2 0x00007f7c298dbacf in mhd_panic_std (cls=<optimized out>, file=<optimized out>, line=<optimized out>, reason=<optimized out>) at daemon.c:149
#3 0x00007f7c298dfa1a in MHD_stop_daemon (daemon=0x55ec397c61e0) at daemon.c:6654
...
I think there is a bug in MHD_itc_destroy_(itc) in the files
src/microhttpd/mhd_itc.h and src/lib/mhd_itc.h.
Current code:
#define MHD_itc_destroy_(itc) ((0 != close ((itc).fd)) || (EBADF != errno))
So if close() succeeds, it returns 0, and errno is checked in that
case. If errno happens to be EBADF, mhd_panic_std() is called. errno
should only be checked if the close() call failed.
Proposed bugfix:
#define MHD_itc_destroy_(itc) ((0 == close ((itc).fd)) || (EBADF != errno))
There is also a bug in MHD_fd_close_chk_(fd), in the files
src/microhttpd/internal.h and src/lib/internal.h:
#define MHD_fd_close_chk_(fd) do { \
if (0 == close ((fd)) && (EBADF == errno)) \
MHD_PANIC(_("Failed to close FD.\n")); \
} while(0)
This should be changed to:
#define MHD_fd_close_chk_(fd) do { \
if (0 != close ((fd)) && (EBADF == errno)) \
MHD_PANIC(_("Failed to close FD.\n")); \
} while(0)
See also https://bugs.gnunet.org/view.php?id=3926
Regards,
Michael
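
Added example, not part of the original message and not libmicrohttpd code: the four macro expressions quoted above, rewritten as functions and run against a valid descriptor closed while errno still holds EBADF from an earlier failed call, and against an invalid descriptor. The function names and the helper are hypothetical, and the example assumes a successful close() leaves errno untouched, as it does on Linux with glibc.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* MHD_itc_destroy_() expressions from the message; nonzero means "destroyed OK". */
static int itc_destroy_current(int fd)  { return (0 != close(fd)) || (EBADF != errno); }
static int itc_destroy_proposed(int fd) { return (0 == close(fd)) || (EBADF != errno); }

/* MHD_fd_close_chk_() conditions; nonzero means MHD_PANIC would be called. */
static int fd_close_panics_current(int fd)  { return 0 == close(fd) && (EBADF == errno); }
static int fd_close_panics_proposed(int fd) { return 0 != close(fd) && (EBADF == errno); }

/* Hypothetical helper: returns a valid descriptor while leaving errno == EBADF
   behind, as an unrelated earlier failed call would. Returns -1 if pipe() fails. */
static int valid_fd_with_stale_ebadf(void)
{
  int p[2];
  if (0 != pipe(p))
    return -1;
  close(p[1]);
  close(-1);                    /* fails and sets errno to EBADF */
  return p[0];
}

int main(void)
{
  int cur, fix;

  /* close() succeeds, but the stale errno makes the current code report failure. */
  cur = itc_destroy_current(valid_fd_with_stale_ebadf());
  fix = itc_destroy_proposed(valid_fd_with_stale_ebadf());
  printf("itc_destroy, valid fd, stale EBADF: current=%d proposed=%d\n", cur, fix);

  /* close() really fails with EBADF; only the proposed code reports it. */
  cur = itc_destroy_current(-1);
  fix = itc_destroy_proposed(-1);
  printf("itc_destroy, invalid fd:            current=%d proposed=%d\n", cur, fix);

  cur = fd_close_panics_current(valid_fd_with_stale_ebadf());
  fix = fd_close_panics_proposed(valid_fd_with_stale_ebadf());
  printf("fd_close panics, valid fd, stale EBADF: current=%d proposed=%d\n", cur, fix);

  cur = fd_close_panics_current(-1);
  fix = fd_close_panics_proposed(-1);
  printf("fd_close panics, invalid fd:            current=%d proposed=%d\n", cur, fix);
  return 0;
}
```

With the current expressions a genuine EBADF from close() is never reported, while a successful close() panics whenever errno was already EBADF; the proposed expressions invert both outcomes.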