sblim-sfcb/sblim-sfcb-1.4.9-fix-null-content-type-crash.patch

48 lines
2.1 KiB
Diff
Raw Normal View History

Author: Adam Majer <adam.majer@suse.de>
Summary: Fix crash caused by NULL content_type
Also, allow requests with Content-Type set to text/xml
==31976== Invalid read of size 1
==31976== at 0x5883DEB: scanCimXmlRequest (cimXmlParserProcessed.c:1739)
==31976== by 0x588C88E: handleCimRequest (cimRequest.c:1850)
==31976== by 0x4E3D95A: doHttpRequest (httpAdapter.c:1399)
==31976== by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==31976== by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==31976== by 0x4E40B0C: httpDaemon (httpAdapter.c:2464)
==31976== by 0x404866: startHttpd (sfcBroker.c:540)
==31976== by 0x4038B3: main (sfcBroker.c:1062)
==31976== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==31976==
==31976==
==31976== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==31976== Access not within mapped region at address 0x0
==31976== at 0x5883DEB: scanCimXmlRequest (cimXmlParserProcessed.c:1739)
==31976== by 0x588C88E: handleCimRequest (cimRequest.c:1850)
==31976== by 0x4E3D95A: doHttpRequest (httpAdapter.c:1399)
==31976== by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==31976== by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==31976== by 0x4E40B0C: httpDaemon (httpAdapter.c:2464)
==31976== by 0x404866: startHttpd (sfcBroker.c:540)
==31976== by 0x4038B3: main (sfcBroker.c:1062)
(gdb) p *ctx
$3 = {cimDoc = 0x69058c0 "", principal = 0x0, host = 0x69054d9 "xxx.xx.xxx.xxx:5989", contentType = 0x0, teTrailers = 0,
sessionId = 1, role = 0x0, cimDocLength = 0, commHndl = 0xffefffab0, chunkFncs = 0x5044798 <httpChunkFunctions>,
className = 0x0, operation = 0, verb = 0x6905480 "POST", path = 0x6905485 "/"}
Index: sblim-sfcb-1.4.8/httpAdapter.c
===================================================================
--- sblim-sfcb-1.4.8.orig/httpAdapter.c
+++ sblim-sfcb-1.4.8/httpAdapter.c
@@ -1047,7 +1047,7 @@ doHttpRequest(CommHndl conn_fd)
inBuf.authorization = "";
inBuf.protocol = "HTTP/1.1";
- inBuf.content_type = NULL;
+ inBuf.content_type = "application/xml";
inBuf.content_length = UINT_MAX;
inBuf.host = NULL;
inBuf.useragent = "";