Ticket #1159 (new defect)

Opened 1 year ago

Last modified 9 months ago

Cannot set server.port from environment variable

Reported by: andrewb@zip.com.au Assigned to: jan
Priority: normal Milestone: 1.5.0
Component: core Version: 1.4.17
Severity: normal Keywords:
Cc: Blocking:
Need Feedback: 0

Description

Given the environment: 

PORT=80
export PORT

the following line in the lighty configuration file: 

server.port = env.PORT

fails with the message: 

(configfile-glue.c.91) got a string but expected a short: server.port 80

This means that port numbers cannot be set from environment variables, but code was introduced in source:trunk/src/configfile-glue.c@r1349 (3-Oct-2006) to handle this case. It would appear that the buffer_isdigit() test in source:trunk/src/configfile-glue.c is broken somehow.

Attachments

lighttpd-ticket-1159-patch.txt (1.0 kB) - added by andrewb@zip.com.au on 09/07/2007 11:25:34 AM.
Here is a patch that fixes the problem.

Change History

09/07/2007 11:16:14 AM changed by anonymous

  • version changed from 1.4.13 to 1.4.17.
  • pending changed.

09/07/2007 11:25:34 AM changed by andrewb@zip.com.au

  • attachment lighttpd-ticket-1159-patch.txt added.

Here is a patch that fixes the problem.

09/07/2007 11:39:58 AM changed by darix

what i dont like about this patch is that it limits the number to 65535. while this might be ok for your use case (server.port) this is not a valid solution for the problem. what if i want to set the max request size from the environment?

the number shouldnt be limited at that position but checked later on in the code if it fits into the limits in this scope.

09/07/2007 12:56:39 PM changed by andrewb@zip.com.au

The hard-coded limit of 65535 is completely justified.

The case in question is for "T_CONFIG_SHORT", which generally suggests that a two-byte signed (or unsigned) value is wanted. This is confirmed, and the signed-vs-unsigned question is settled, a few lines further on, where an error message has the 65535 value hard-coded in. Good design dictates that the numeric limits of the lighty config language should be platform independent, not determined by the built-in types of the C compiler used to build it (ie, we don't really want 65536 overflowing on one platform but not on another). All the C standards I've ever read say that sizeof(short) is guaranteed to be at least two on all architectures. So I deduced that the assumption of two-byte shorts was deliberate on the part of the lighty developers, and respected that.

Incidentaly, Just a few lines higher, data_integer.value (which is of type int) is assigned to a *(unsigned short *) without checking for overflow. That is clearly a bug, but it further strengthens my argument.

11/06/2007 01:33:43 AM changed by anonymous

Is this going to be fixed any time soon? The patch looks OK to me (if not, it's trivial to #define the maximum unsigned short as (1 << (sizeof(unsigned short) * 8)) - 1), and I just ran into this problem today myself.

Add/Change #1159 (Cannot set server.port from environment variable)




Change Properties