Bug #476

HTTP/1.0 Request Crash lighttpd when using mod_proxy

Added by Anonymous 1052 days ago. Updated 674 days ago.

Status: Fixed
Start:
Priority: Normal
Due date:
Assigned to: -
% Done: 0%
Category: core
Target version: -
Pending:
Resolution: fixed


Description

This is on a FreeBSD 4.11 system running the lighttpd port, version 1.4.8_1 and using the freebsd-kqueue handler.

When mod_proxy is loaded, and you try to do an HTTP/1.0 GET request, the server segfaults. Here's the output of my debugging:


(gdb) run -D -f /usr/home/mike/lighttpd.conf2
Starting program: /usr/local/sbin/lighttpd -D -f /usr/home/mike/lighttpd.conf2

Program received signal SIGSEGV, Segmentation fault.
0x28256ff7 in proxy_create_env (srv=0x806b000, hctx=0x80e92c0) at mod_proxy.c:442
442     mod_proxy.c: No such file or directory.
(gdb) bt
#0  0x28256ff7 in proxy_create_env (srv=0x806b000, hctx=0x80e92c0) at mod_proxy.c:442
#1  0x28257a6a in proxy_write_request (srv=0x806b000, hctx=0x80e92c0) at mod_proxy.c:807
#2  0x28257d4c in mod_proxy_handle_subrequest (srv=0x806b000, con=0x8078200, p_d=0x806a380)
    at mod_proxy.c:905
#3  0x805b362 in plugins_call_handle_subrequest (srv=0x806b000, con=0x8078200)
    at plugin.c:248
#4  0x804f7a1 in http_response_prepare (srv=0x806b000, con=0x8078200) at response.c:563
#5  0x805163a in connection_state_machine (srv=0x806b000, con=0x8078200)
    at connections.c:1352
#6  0x804e5cf in main (argc=4, argv=0xbfbffa08) at server.c:1132
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Here's the request that killed the beast:


GET / HTTP/1.0

Connection closed by foreign host.

-- mike.lighttpd

History

01/27/2006 06:22 PM - conny

As far as I can tell, this seems to be fixed in version 1.4.9.

01/30/2006 03:25 PM - conny

I was eventually able to reproduce the bug in 1.4.9 after a while: the situation seems to arise during the following conditions:

  • "/foo" represents a proxied URL
  • "/foo" causes the backend server to return a 30x redirect (common example: "/foo" -> "/foo/")
  • Any valid HTTP/1.1 request works as expected
  • "GET /foo/ HTTP/1.0" works as expected
  • "GET /foo HTTP/1.0" causes lighttpd to crash
  • "GET /foo HTTP/1.0" plus "Host: whatever" works!

01/30/2006 04:40 PM - conny

Sorry for the noise. I am not able to reproduce it in any reliable way under 1.4.9. So I'll assume it's fixed, unless otherwise proven :-)

02/10/2006 05:35 PM - conny

Perhaps this was something to do with the X-Host which seems to be fixed now.

Mike: can you still reproduce the crash with 1.4.10?

01/31/2007 02:12 AM - jakabosky

  • Status changed from New to Fixed
  • Resolution set to fixed

fixed in r901 1.4.x branch and included in releases since at least 1.4.11
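
The thread narrows the crash to HTTP/1.0 requests that carry no Host header, and conny suspects the X-Host handling. The following is an added illustration of that defect class, not lighttpd's code and not the r901 change: a backend header builder that treats the client's Host value as optional. The names `struct req` and `build_backend_head` are hypothetical, and the sample request is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request view. host is NULL when the client sent no Host
 * header, which is legal in HTTP/1.0. */
struct req {
    const char *method;
    const char *uri;
    const char *host;   /* may be NULL */
};

/* Build the backend request head into out[0..cap). Returns the number of
 * bytes written, or -1 if a required field is missing or it does not fit. */
int build_backend_head(const struct req *r, char *out, size_t cap)
{
    int n, m;

    if (r == NULL || r->method == NULL || r->uri == NULL)
        return -1;

    n = snprintf(out, cap, "%s %s HTTP/1.0\r\n", r->method, r->uri);
    if (n < 0 || (size_t)n >= cap)
        return -1;

    /* Forward the host only when the client supplied one. Reading
     * r->host unconditionally is the NULL-dereference pattern. */
    if (r->host != NULL && r->host[0] != '\0') {
        m = snprintf(out + n, cap - (size_t)n, "X-Host: %s\r\n", r->host);
        if (m < 0 || (size_t)m >= cap - (size_t)n)
            return -1;
        n += m;
    }

    m = snprintf(out + n, cap - (size_t)n, "\r\n");
    if (m < 0 || (size_t)m >= cap - (size_t)n)
        return -1;
    return n + m;
}

int main(void)
{
    /* Constructed sample: the Host-less HTTP/1.0 request from the report. */
    struct req r = { "GET", "/", NULL };
    char buf[256];
    int n = build_backend_head(&r, buf, sizeof buf);

    printf("%d bytes:\n%s", n, n > 0 ? buf : "(error)\n");
    return n > 0 ? 0 : 1;
}
```

A regression test for a fix of this kind should cover both the Host-less HTTP/1.0 request and the same request with a Host header, since only the first one crashed in the report.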
