diff options
author | Stefan Bühler <stbuehler@web.de> | 2014-02-16 13:08:27 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2014-02-16 13:08:27 +0000 |
commit | ef0b353fee598ddb7c5ec4e1e7f5427bf3d4e155 (patch) | |
tree | ad6f32f78202bd989883f785b0a2453dc5081599 | |
parent | 954184e9497ea22ff3d1c7e4f48b5e4b385a8a8d (diff) | |
download | lighttpd-git-ef0b353fee598ddb7c5ec4e1e7f5427bf3d4e155.tar.gz |
[mod_cml_lua] fix null pointer dereference
a local lua script could trigger it by not sending any files and not
setting a last-modified header, leading to zero mtime and a buffer
ptr = NULL which was used in http_response_handle_cachable
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2951 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/mod_cml_lua.c | 10 |
2 files changed, 4 insertions, 7 deletions
@@ -15,6 +15,7 @@ NEWS * [buffer] fix length check in buffer_is_equal_right_len * fix resource leaks in error cases on config parsing and other initializations * add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) + * [mod_cml_lua] fix null pointer dereference - 1.4.34 * [mod_auth] explicitly link ssl for SHA1 (fixes #2517) diff --git a/src/mod_cml_lua.c b/src/mod_cml_lua.c index 92fa6e11..f77a7c71 100644 --- a/src/mod_cml_lua.c +++ b/src/mod_cml_lua.c @@ -398,26 +398,22 @@ int cache_parse_lua(server *srv, connection *con, plugin_data *p, buffer *fn) { con->file_finished = 1; ds = (data_string *)array_get_element(con->response.headers, "Last-Modified"); + if (0 == mtime) mtime = time(NULL); /* default last-modified to now */ /* no Last-Modified specified */ - if ((mtime) && (NULL == ds)) { + if (NULL == ds) { strftime(timebuf, sizeof(timebuf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&mtime)); response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), timebuf, sizeof(timebuf) - 1); - tbuf.ptr = timebuf; tbuf.used = sizeof(timebuf); tbuf.size = sizeof(timebuf); - } else if (ds) { + } else { tbuf.ptr = ds->value->ptr; tbuf.used = ds->value->used; tbuf.size = ds->value->size; - } else { - tbuf.size = 0; - tbuf.used = 0; - tbuf.ptr = NULL; } if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, &tbuf)) { |