Ticket #1601 (closed defect: fixed)

Opened 4 months ago

Last modified 3 months ago

Requestion subdomain with $HTTP["scheme"] and url.redirect with %0 kills server

Reported by: fat-soeren@web.de Assigned to: jan
Priority: high Milestone:
Component: core Version: 1.4.19
Severity: normal Keywords: subdomain, scheme, redirect, %0
Cc: Blocking:
Need Feedback: 0

Description

I'm using this term to create a systemwide subdomain which should only be accessed with https. non-https requests are getting identified by $HTTP["scheme"] and then redirected to https://%0:444 (I'm using 444 as secure port). If i now make a request to the site (browser or curl doesn't matter, curl output: (52) Empty reply from server) i will get a blank site and the lighttpd process gets killed. (php5-cgi is still running) 

$HTTP["host"] =~ "^webmail\.(.*)$" {
$HTTP["scheme"] == "http" {
url.redirect = ( "^/(.*)" => "https://%0:444" )
}
server.document-root = "/usr/share/squirrelmail/"
}

strace/backtrace is available. this bug is also reproducable (atleast for me).

Attachments

lighttpd.backtrace (33.8 kB) - added by fat-soeren@web.de on 03/18/2008 12:42:14 AM.
backtrace of the bug
lighttpd.strace (75.7 kB) - added by fat-soeren@web.de on 03/18/2008 12:42:56 AM.
strace of the bug

Change History

03/18/2008 12:42:14 AM changed by fat-soeren@web.de

  • attachment lighttpd.backtrace added.

backtrace of the bug

03/18/2008 12:42:56 AM changed by fat-soeren@web.de

  • attachment lighttpd.strace added.

strace of the bug

(follow-up: ↓ 2 ) 03/18/2008 02:26:14 PM changed by stbuehler

You can use %n only in a =~ conditional block; so you could say it is a config error (you now at least know that it won't work how you want it to).

To fix the segfault, the following patch should do it. (%0 will be replaced with an empty string then): 

diff --git a/src/configfile-glue.c b/src/configfile-glue.c
index 66a596e..65afd01 100644
--- a/src/configfile-glue.c
+++ b/src/configfile-glue.c
@@ -529,7 +529,7 @@ int config_check_cond(server *srv, connection *con, data_config *dc) {
 int config_append_cond_match_buffer(connection *con, data_config *dc, buffer *buf, int n)
 {
 	cond_cache_t *cache = &con->cond_cache[dc->context_ndx];
-	if (n > cache->patterncount) {
+	if (n >= cache->patterncount) {
 		return 0;
 	}

But i think somehow an error should printed to the server log in such cases.

(in reply to: ↑ 1 ; follow-up: ↓ 3 ) 03/18/2008 04:55:33 PM changed by fat-soeren@web.de

Replying to stbuehler:

You can use %n only in a =~ conditional block; so you could say it is a config error (you now at least know that it won't work how you want it to).

so it is not possible to use $HTTP["scheme"] together with url.redirect? that sucks :|

(in reply to: ↑ 2 ) 03/18/2008 06:44:01 PM changed by stbuehler

Replying to fat-soeren@web.de:

Replying to stbuehler:

You can use %n only in a =~ conditional block; so you could say it is a config error (you now at least know that it won't work how you want it to).

so it is not possible to use $HTTP["scheme"] together with url.redirect? that sucks :|

I did not say that... just use $HTTP["scheme"] =~ ".*" and you can use %0 (I don't see why you would want to use %0 after an equality test - you already know what it is)

But you cannot access the matched patterns of an outer conditional, that is right.

03/26/2008 02:24:23 PM changed by stbuehler

  • status changed from new to closed.
  • resolution set to fixed.

Fixed segfault in [2138]

Add/Change #1601 (Requestion subdomain with $HTTP["scheme"] and url.redirect with %0 kills server)




Change Properties
Action