[PATCH] fix httpd lockup in cgi POSTs
Matthias Reichl
hias at horus.com
Sun Feb 11 11:38:13 PST 2007
While debugging some lockup problems with the openwrt webif^2 firmware
upload page I discovered a bug in httpd.c:
In line 1216 it must really be safe_read(), not full_read().
Otherwise httpd may lock up in the case where the cgi-script
has sent some data before fully receiving all POSTed data.
httpd.c multiplexes fine using select() and only calls safe_read()
if data is available, whereas full_read() loops over safe_read()
without checking if data is available. In this case read() will
block...
so long,
Hias
--- busybox-1.4.1.orig/networking/httpd.c 2007-01-24 22:34:34.000000000 +0100
+++ busybox-1.4.1/networking/httpd.c 2007-02-11 20:37:01.000000000 +0100
@@ -1211,9 +1211,10 @@
#if PIPESIZE >= MAX_MEMORY_BUFF
# error "PIPESIZE >= MAX_MEMORY_BUFF"
#endif
- /* NB: was safe_read. If it *has to be* safe_read, */
- /* please explain why in this comment... */
- count = full_read(inFd, rbuf, PIPESIZE);
+ /* reverted back to safe_read, otherwise httpd may */
+ /* block if the cgi-script outputs page date before */
+ /* it has fully received all (POST) data */
+ count = safe_read(inFd, rbuf, PIPESIZE);
if (count == 0)
break; /* closed */
if (count < 0)
More information about the busybox
mailing list