This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.
Re: return value of fdopen in cyg_httpd_process should be checked for validity
- From: Nick Garnett <nickg at ecoscentric dot com>
- To: Andrew Lunn <andrew at lunn dot ch>
- Cc: sandeep <sandeep at codito dot com>, ecos-discuss at sources dot redhat dot com
- Date: 11 Dec 2003 11:26:11 +0000
- Subject: Re: [ECOS] return value of fdopen in cyg_httpd_process should be checked for validity
- References: <017a01c3bf0b$753e2ba0$2564a8c0@blackmagic><20031210125736.GQ2527@lunn.ch>
Andrew Lunn <andrew@lunn.ch> writes:
> On Wed, Dec 10, 2003 at 04:20:41PM +0530, sandeep wrote:
> > function cyg_httpd_process in httpd.c has code like --
> >
> > FILE *client;
> > ------- snipped -------
> > client = fdopen( client_socket, "r+");
> >
> > /* We are really only interested in the first line.
> > */
> > fgets( request, sizeof(request), client );
> > ...........
> > ...........
> >
> > If malloc fails (tracing fdopen internals) then client will be set
> > to NULL and further referencing of client causes buggy behaviours. So
> > it is clear that a validity check needs to be done on return value
> > of fdopen before going ahead with using its return value. But what
> > should be the action in that failure case? Should one just return
> > from that point? I guess, if we do that, it will make the requesting
> > browser fail to get any response for its request and retrying
> > will need to be done. Andrew, is that safe enough?
>
> Nick is the person to ask, not me. Nick wrote the code. I just added
> IPv6 support.
>
> Just returning is not enough. Doing that will result in the leak of a
> socket.
I suspect that the correct thing to do is to send a pre-packaged
response back to the browser saying something like "Server out of
resources". This would have to be done using a plain write() followed
by a close(). It will probably also need to read() the rest of the
request header. All a bit yukky unfortunately.
--
Nick Garnett eCos Kernel Architect
http://www.ecoscentric.com The eCos and RedBoot experts
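
The failure path discussed in this thread, as an added example that is not part of the original messages and is not eCos code: on `fdopen()` failure it drains the request header with `read()`, sends a canned reply with `write()`, and closes the socket so it is not leaked. The helper names, the reply wording, the 4096-byte cap, and the availability of `SO_RCVTIMEO` on the target stack are assumptions.

```c
#include <string.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/socket.h>

/* Canned reply in static storage, so the failure path allocates nothing
 * (status line and wording are assumptions, not text from httpd.c). */
static const char oom_reply[] =
    "HTTP/1.0 503 Service Unavailable\r\n"
    "Content-Type: text/plain\r\n"
    "Connection: close\r\n\r\n"
    "Server out of resources\r\n";

#define DRAIN_LIMIT 4096   /* assumed cap on header bytes we will discard */

/* Discard the request header byte by byte so nothing past the blank line is
 * consumed. Returns 1 if the blank line was seen, 0 on EOF, error or cap. */
static int drain_request_header(int fd)
{
    char c;
    int total = 0, newlines = 0;
    while (total++ < DRAIN_LIMIT && read(fd, &c, 1) == 1) {
        if (c == '\n' && ++newlines == 2)
            return 1;
        if (c != '\n' && c != '\r')
            newlines = 0;
    }
    return 0;
}

/* Hypothetical helper for the fdopen() == NULL branch of cyg_httpd_process:
 *     if (client == NULL) { reject_out_of_resources(client_socket); return; }
 * Returns 0 if the whole reply was written, -1 otherwise; always closes fd. */
int reject_out_of_resources(int fd)
{
    struct timeval tv = { 2, 0 };   /* assumed bound on a silent client */
    const char *p = oom_reply;
    size_t left = strlen(oom_reply);
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    drain_request_header(fd);       /* unread data at close() can reset the peer */
    while (left > 0) {
        ssize_t n = write(fd, p, left);
        if (n <= 0) break;
        p += n;
        left -= (size_t)n;
    }
    close(fd);                      /* the socket is released on every path */
    return left == 0 ? 0 : -1;
}
```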