From: Stefan Sperling <stsp@stsp.name>
Subject: Re: gotwebd: memleak in (and small refactoring of) fcgi_parse_record
To: Omar Polo <op@omarpolo.com>
Cc: gameoftrees@openbsd.org, Tracey Emery <tracey@traceyemery.net>
Date: Thu, 1 Sep 2022 09:42:23 +0200

On Wed, Aug 31, 2022 at 05:58:08PM +0200, Omar Polo wrote:
> gotwebd parses the fastcgi params into a list.  (I think this is a
> leftover from slowcgi, where that list is then used to fill the
> environment of the CGI process.)  However, the list is never free'd
> and also never looked at outside of fcgi_parse_params, so I think we
> can drop it.
> 
> I ended up looking at the fastcgi code for a different reason.  I've
> seen a crash in a bcopy in fcgi_parse_params once, and after
> rebuilding gotwebd with -O2 it never picked up SCRIPT_NAME
> correctly...  Turns out we're reading from an un-initialized variable
> `dr_buf' and got lucky since.

Fix looks good, just one problem:

Is there a specific reason you are using strncpy() instead of strlcpy()?
There are edge-case differences in the behaviour of NUL-terminating
the result (see strncpy(3) EXAMPLES section).
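
The NUL-termination edge case mentioned above, as an added example that is not part of the original e-mail or of the gotwebd code. `FIELD_LEN`, `ex_strlcpy`, `copy_strncpy`, `copy_strlcpy` and the sample value are hypothetical; `ex_strlcpy` is a stand-in with strlcpy(3) semantics so the block builds on systems whose libc lacks strlcpy.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8	/* constructed buffer size, not taken from gotwebd */

/* Stand-in with strlcpy(3) semantics (assumption: not every libc has strlcpy).
 * Always NUL-terminates when size > 0; returns strlen(src). */
static size_t
ex_strlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);

	if (size > 0) {
		size_t n = len < size - 1 ? len : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* strncpy() given the full buffer size. Returns 1 if dst ended up terminated. */
static int
copy_strncpy(char *dst, const char *src)
{
	memset(dst, 'X', FIELD_LEN);	/* simulate stale, non-zero memory */
	strncpy(dst, src, FIELD_LEN);
	return memchr(dst, '\0', FIELD_LEN) != NULL;
}

/* strlcpy-style copy. Returns -1 on truncation, 0 otherwise; dst is always a
 * valid C string afterwards. */
static int
copy_strlcpy(char *dst, const char *src)
{
	memset(dst, 'X', FIELD_LEN);
	return ex_strlcpy(dst, src, FIELD_LEN) >= FIELD_LEN ? -1 : 0;
}

int
main(void)
{
	char buf[FIELD_LEN];
	const char *val = "/gotweb/";	/* constructed value, exactly FIELD_LEN bytes */

	printf("strncpy terminated: %d\n", copy_strncpy(buf, val));
	printf("strlcpy result: %d, buf: %s\n", copy_strlcpy(buf, val), buf);
	return 0;
}
```

When the source is shorter than the buffer, strncpy() zero-pads the remainder and the result is terminated; only a source of `FIELD_LEN` bytes or more leaves the buffer without a NUL.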