[pkg-lighttpd] Bug#428368: diff for 1.4.15-1.1 NMU

Pierre Habouzit madcoder at debian.org
Fri Jul 20 09:08:05 UTC 2007


Hi,

Attached is the diff for my lighttpd 1.4.15-1.1 NMU.
-------------- next part --------------
diff -u lighttpd-1.4.15/debian/changelog lighttpd-1.4.15/debian/changelog
--- lighttpd-1.4.15/debian/changelog
+++ lighttpd-1.4.15/debian/changelog
@@ -1,3 +1,11 @@
+lighttpd (1.4.15-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping
+    headers (Closes: 428368).
+
+ -- Pierre Habouzit <madcoder at debian.org>  Fri, 20 Jul 2007 11:04:07 +0200
+
 lighttpd (1.4.15-1) unstable; urgency=low
 
   * New upstream release (closes: #419131)
diff -u lighttpd-1.4.15/debian/patches/00list lighttpd-1.4.15/debian/patches/00list
--- lighttpd-1.4.15/debian/patches/00list
+++ lighttpd-1.4.15/debian/patches/00list
@@ -2,0 +3 @@
+04_wrapping_headers_bugfix.dpatch
only in patch2:
unchanged:
--- lighttpd-1.4.15.orig/debian/patches/04_wrapping_headers_bugfix.dpatch
+++ lighttpd-1.4.15/debian/patches/04_wrapping_headers_bugfix.dpatch
@@ -0,0 +1,127 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_wrapping_headers_bugfix.dpatch by Pierre Habouzit <madcoder at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad lighttpd-1.4.15~/src/request.c lighttpd-1.4.15/src/request.c
+--- lighttpd-1.4.15~/src/request.c	2007-04-13 17:26:31.000000000 +0200
++++ lighttpd-1.4.15/src/request.c	2007-07-20 11:03:12.000000000 +0200
+@@ -284,8 +284,6 @@
+ 
+ 	int done = 0;
+ 
+-	data_string *ds = NULL;
+-
+ 	/*
+ 	 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
+ 	 * Option : "^([-a-zA-Z]+): (.+)$"
+@@ -715,12 +713,24 @@
+ 			switch(*cur) {
+ 			case '\r':
+ 				if (con->parse_request->ptr[i+1] == '\n') {
++					data_string *ds = NULL;
++
+ 					/* End of Headerline */
+ 					con->parse_request->ptr[i] = '\0';
+ 					con->parse_request->ptr[i+1] = '\0';
+ 
+ 					if (in_folding) {
+-						if (!ds) {
++						buffer *key_b;
++						/**
++						 * we use a evil hack to handle the line-folding
++						 * 
++						 * As array_insert_unique() deletes 'ds' in the case of a duplicate
++						 * ds points somewhere and we get a evil crash. As a solution we keep the old
++						 * "key" and get the current value from the hash and append us
++						 *
++						 * */
++
++						if (!key || !key_len) {
+ 							/* 400 */
+ 
+ 							if (srv->srvconf.log_request_header_on_error) {
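Review bot: The new `if (!key || !key_len)` guard in the `in_folding` branch only rejects a continuation line if `key` and `key_len` are still NULL/0 at that point, and both are declared and initialised outside this hunk. Confirm that they start out as NULL/0 at the top of the function, so that a folded line arriving before any real header takes the 400 path instead of reaching the lookup further down. It is worth stating that invariant next to the guard, e.g. `/* key/key_len describe the previous header line; both are 0 until a header has been parsed */`. The block comment would also read better without the "evil hack" wording: say that `array_insert_unique()` may free `ds` on a duplicate key, so the header is looked up again by key rather than through a cached pointer.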
+@@ -737,7 +747,15 @@
+ 							con->response.keep_alive = 0;
+ 							return 0;
+ 						}
+-						buffer_append_string(ds->value, value);
++
++						key_b = buffer_init();
++						buffer_copy_string_len(key_b, key, key_len);
++
++						if (NULL != (ds = (data_string *)array_get_element(con->request.headers, key_b->ptr))) {
++							buffer_append_string(ds->value, value);
++						}
++
++						buffer_free(key_b);
+ 					} else {
+ 						int s_len;
+ 						key = con->parse_request->ptr + first;
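Review bot: When `array_get_element()` returns NULL, the continuation text in `value` is dropped silently and parsing carries on, so the request is handled with a shorter header value than the client sent. This can presumably happen when the previous header line was parsed but never stored under `key`. A proxy or backend that does unfold the line would then see a different header than lighttpd does, and that kind of parser disagreement is worth closing off. I would either reject with 400 like the branch just above, or at least log the discard when `srv->srvconf.log_request_header_on_error` is set; if dropping is intended, add a comment such as `/* no stored header for key: folded value is discarded */`. The enclosing function continues beyond this hunk.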
+@@ -969,7 +987,12 @@
+ 					first = i+1;
+ 					is_key = 1;
+ 					value = 0;
+-					key_len = 0;
++#if 0
++					/**
++					 * for Bug 1230 keep the key_len a live
++					 */
++					key_len = 0; 
++#endif
+ 					in_folding = 0;
+ 				} else {
+ 					if (srv->srvconf.log_request_header_on_error) {
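Review bot: Disabling `key_len = 0;` with `#if 0` leaves dead code in the request parser. Since the folding branch now depends on `key_len` outliving the header line, delete the assignment and keep a one-line comment such as `/* key and key_len are kept: a folded continuation line needs them */`. The comment cites Bug 1230 while the tests added by the same patch are labelled #1209, so one of the two references looks wrong, or both should be listed. Because `key` now stays live across lines, it keeps pointing into `con->parse_request->ptr`; it would help to note that nothing may reallocate that buffer between header lines, which cannot be checked from this hunk.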
+diff -urNad lighttpd-1.4.15~/tests/core-request.t lighttpd-1.4.15/tests/core-request.t
+--- lighttpd-1.4.15~/tests/core-request.t	2007-02-08 17:34:47.000000000 +0100
++++ lighttpd-1.4.15/tests/core-request.t	2007-07-20 11:03:12.000000000 +0200
+@@ -8,7 +8,7 @@
+ 
+ use strict;
+ use IO::Socket;
+-use Test::More tests => 33;
++use Test::More tests => 36;
+ use LightyTest;
+ 
+ my $tf = LightyTest->new();
+@@ -273,6 +273,38 @@
+ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ ok($tf->handle_http($t) == 0, 'uppercase filenames');
+ 
++$t->{REQUEST}  = ( <<EOF
++GET / HTTP/1.0
++Location: foo
++Location: foobar
++  baz
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
++ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping');
++
++$t->{REQUEST}  = ( <<EOF
++GET / HTTP/1.0
++Location: 
++Location: foobar
++  baz
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
++ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping - test 2');
++
++$t->{REQUEST}  = ( <<EOF
++GET / HTTP/1.0
++A: 
++Location: foobar
++  baz
++EOF
++ );
++$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
++ok($tf->handle_http($t) == 0, '#1209 - duplicate headers with line-wrapping - test 3');
++
++
++
+ 
+ ok($tf->stop_proc == 0, "Stopping lighttpd");
+ 
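Review bot: The three new cases only assert `'HTTP-Status' => 200`, so they show the server no longer crashes but not that the folded text ends up on the right header. Two paths introduced in request.c look untested: a continuation line sent before any header (the `!key || !key_len` branch, expected 400) and a continuation after a header that was not stored (the lookup-miss branch). Test 3 may already reach the second path; if so, its name should say that. Adding one request per path, with `'HTTP-Status' => 400` for the first, would pin down the new behaviour; the `tests =>` count then needs raising again. The three empty added lines at the end of the hunk can be dropped.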
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20070720/5d8d2e2f/attachment.pgp 

