[Frugalware-darcs] frugalware-0.6: lighttpd-1.4.16-1terminus2-x86_64

voroskoi voroskoi at frugalware.org
Tue Sep 18 22:22:30 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070918202017-dd049-535df69a2d49412a9169235bcbe74ab160c034c7.gz;

[lighttpd-1.4.16-1terminus2-x86_64
voroskoi <voroskoi at frugalware.org>**20070918202017
 secfix relbump, closes #2410
] {
hunk ./source/network-extra/lighttpd/FrugalBuild 7
-pkgrel=1terminus1
+pkgrel=1terminus2
hunk ./source/network-extra/lighttpd/FrugalBuild 13
-	$pkgname.conf rc.$pkgname index.html http://frugalware.org/images/frugalware.png)
+	$pkgname.conf rc.$pkgname index.html http://frugalware.org/images/frugalware.png \
+	lighttpd-1.4.x_mod_fastcgi_overrun.patch)
hunk ./source/network-extra/lighttpd/FrugalBuild 38
-
hunk ./source/network-extra/lighttpd/FrugalBuild 42
-          '62fdfe9e07b2b55be660bd107bb6e1c742d90a3e')
+          '62fdfe9e07b2b55be660bd107bb6e1c742d90a3e' \
+          'e3242012652f76addaeda55d5d2b4a722ea69eba')
+
addfile ./source/network-extra/lighttpd/lighttpd-1.4.x_mod_fastcgi_overrun.patch
hunk ./source/network-extra/lighttpd/lighttpd-1.4.x_mod_fastcgi_overrun.patch 1
+diff -aur lighttpd-1.4.16.orig/src/mod_fastcgi.c lighttpd-1.4.16/src/mod_fastcgi.c
+--- lighttpd-1.4.16.orig/src/mod_fastcgi.c	2007-09-18 21:57:35.000000000 +0200
++++ lighttpd-1.4.16/src/mod_fastcgi.c	2007-09-18 22:02:59.000000000 +0200
+@@ -54,6 +54,12 @@
+ #include <sys/wait.h>
+ #endif
+ 
++#define FCGI_ENV_ADD_CHECK(ret, con) \
++	if (ret == -1) { \
++		con->http_status = 400; \
++		con->file_finished = 1; \
++		return -1; \
++	};
+ 
+ /*
+  *
+@@ -1575,6 +1581,21 @@
+ 	len += key_len > 127 ? 4 : 1;
+ 	len += val_len > 127 ? 4 : 1;
+ 
++	if (env->used + len >= FCGI_MAX_LENGTH) {
++		/**
++		 * we can't append more headers, ignore it
++		 */
++		return -1;
++	}
++
++	/**
++	 * field length can be 31bit max
++	 *
++	 * HINT: this can't happen as FCGI_MAX_LENGTH is only 16bit
++	 */
++	if (key_len > 0x7fffffff) key_len = 0x7fffffff;
++	if (val_len > 0x7fffffff) val_len = 0x7fffffff;
++
+ 	buffer_prepare_append(env, len);
+ 
+ 	if (key_len > 127) {
+@@ -1604,6 +1625,8 @@
+ }
+ 
+ static int fcgi_header(FCGI_Header * header, unsigned char type, size_t request_id, int contentLength, unsigned char paddingLength) {
++	assert(contentLength <= FCGI_MAX_LENGTH);
++	
+ 	header->version = FCGI_VERSION_1;
+ 	header->type = type;
+ 	header->requestIdB0 = request_id & 0xff;
+@@ -1758,7 +1781,7 @@
+ 			}
+ 			srv->tmp_buf->ptr[srv->tmp_buf->used++] = '\0';
+ 
+-			fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value));
++			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)),con);
+ 		}
+ 	}
+ 
+@@ -1785,7 +1808,7 @@
+ 			}
+ 			srv->tmp_buf->ptr[srv->tmp_buf->used++] = '\0';
+ 
+-			fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value));
++			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)), con);
+ 		}
+ 	}
+ 
+@@ -1829,10 +1852,10 @@
+ 	buffer_prepare_copy(p->fcgi_env, 1024);
+ 
+ 
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_NAME"/"PACKAGE_VERSION));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_NAME"/"PACKAGE_VERSION)),con)
+ 
+ 	if (con->server_name->used) {
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), CONST_BUF_LEN(con->server_name));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), CONST_BUF_LEN(con->server_name)),con)
+ 	} else {
+ #ifdef HAVE_IPV6
+ 		s = inet_ntop(srv_sock->addr.plain.sa_family,
+@@ -1843,10 +1866,10 @@
+ #else
+ 		s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
+ #endif
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)),con)
+ 	}
+ 
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1"));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1")),con)
+ 
+ 	ltostr(buf,
+ #ifdef HAVE_IPV6
+@@ -1856,7 +1879,7 @@
+ #endif
+ 	       );
+ 
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)),con)
+ 
+ 	/* get the server-side of the connection to the client */
+ 	our_addr_len = sizeof(our_addr);
+@@ -1866,7 +1889,7 @@
+ 	} else {
+ 		s = inet_ntop_cache_get_ip(srv, &(our_addr));
+ 	}
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)),con)
+ 
+ 	ltostr(buf,
+ #ifdef HAVE_IPV6
+@@ -1876,10 +1899,10 @@
+ #endif
+ 	       );
+ 
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)),con)
+ 
+ 	s = inet_ntop_cache_get_ip(srv, &(con->dst_addr));
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)),con)
+ 
+ 	if (!buffer_is_empty(con->authed_user)) {
+ 		/* AUTH_TYPE fix by Troy Kruthoff (tkruthoff at gmail.com)
+@@ -1895,7 +1918,7 @@
+ 		char *http_authorization = NULL;
+ 		data_string *ds;
+ 	  	
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user)),con)
+ 	
+ 		if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Authorization"))) {
+ 			http_authorization = ds->value->ptr;
+@@ -1919,7 +1942,7 @@
+ 
+ 		/* request.content_length < SSIZE_MAX, see request.c */
+ 		ltostr(buf, con->request.content_length);
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf)),con)
+ 	}
+ 
+ 	if (host->mode != FCGI_AUTHORIZER) {
+@@ -1930,10 +1953,10 @@
+ 		 * For AUTHORIZER mode these headers should be omitted.
+ 		 */
+ 
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path)),con)
+ 
+ 		if (!buffer_is_empty(con->request.pathinfo)) {
+-			fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo));
++			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo)),con)
+ 
+ 			/* PATH_TRANSLATED is only defined if PATH_INFO is set */
+ 
+@@ -1943,9 +1966,9 @@
+ 				buffer_copy_string_buffer(p->path, con->physical.doc_root);
+ 			}
+ 			buffer_append_string_buffer(p->path, con->request.pathinfo);
+-			fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path));
++			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(p->path)),con)
+ 		} else {
+-			fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_STR_LEN(""));
++			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("PATH_INFO"), CONST_STR_LEN("")),con)
+ 		}
+ 	}
+ 
+@@ -1966,8 +1989,8 @@
+ 		buffer_copy_string_buffer(p->path, host->docroot);
+ 		buffer_append_string_buffer(p->path, con->uri.path);
+ 
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path));
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(host->docroot));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path)),con)
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(host->docroot)),con)
+ 	} else {
+ 		buffer_copy_string_buffer(p->path, con->physical.path);
+ 
+@@ -1979,8 +2002,8 @@
+ 			buffer_append_string_buffer(p->path, con->request.pathinfo);
+ 		}
+ 
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path));
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.doc_root));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(p->path)),con)
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.doc_root)),con)
+ 	}
+ 
+ 	if (host->strip_request_uri->used > 1) {
+@@ -2006,34 +2029,34 @@
+ 					con->request.orig_uri->ptr + (host->strip_request_uri->used - 2),
+ 					con->request.orig_uri->used - (host->strip_request_uri->used - 2));
+ 		} else {
+-			fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
++			FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)),con)
+ 		}
+ 	} else {
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)),con)
+ 	}
+ 	if (!buffer_is_equal(con->request.uri, con->request.orig_uri)) {
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(con->request.uri));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_URI"), CONST_BUF_LEN(con->request.uri)),con)
+ 	}
+ 	if (!buffer_is_empty(con->uri.query)) {
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)),con)
+ 	} else {
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN(""));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN("")),con)
+ 	}
+ 
+ 	s = get_http_method_name(con->request.http_method);
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); /* if php is compiled with --force-redirect */
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s)),con)
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")),con) /* if php is compiled with --force-redirect */
+ 	s = get_http_version_name(con->request.http_version);
+-	fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
++	FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s)),con)
+ 
+ #ifdef USE_OPENSSL
+ 	if (srv_sock->is_ssl) {
+-		fcgi_env_add(p->fcgi_env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
++		FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")),con)
+ 	}
+ #endif
+ 
+ 
+-	fcgi_env_add_request_headers(srv, con, p);
++	FCGI_ENV_ADD_CHECK(fcgi_env_add_request_headers(srv, con, p), con);
+ 
+ 	fcgi_header(&(header), FCGI_PARAMS, request_id, p->fcgi_env->used, 0);
+ 	buffer_append_memory(b, (const char *)&header, sizeof(header));
+@@ -2928,10 +2951,8 @@
+ 		}
+ 
+ 		/* fall through */
+-		fcgi_create_env(srv, hctx, hctx->request_id);
+-
++		if (-1 == fcgi_create_env(srv, hctx, hctx->request_id)) return HANDLER_ERROR;
+ 		fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
+-
+ 		/* fall through */
+ 	case FCGI_STATE_WRITE:
+ 		ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+@@ -3113,7 +3134,7 @@
+ 
+ 			buffer_reset(con->physical.path);
+ 			con->mode = DIRECT;
+-			con->http_status = 503;
++			if (con->http_status != 400) con->http_status = 503;
+ 			joblist_append(srv, con); /* really ? */
+ 
+ 			return HANDLER_FINISHED;
}


More information about the Frugalware-darcs mailing list