This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.
Re: return value of fdopen in cyg_httpd_process should be checked for validity
- From: Andrew Lunn <andrew at lunn dot ch>
- To: sandeep <sandeep at codito dot com>
- Cc: ecos-discuss at sources dot redhat dot com
- Date: Wed, 10 Dec 2003 13:57:36 +0100
- Subject: Re: [ECOS] return value of fdopen in cyg_httpd_process should be checked for validity
- References: <017a01c3bf0b$753e2ba0$2564a8c0@blackmagic>
On Wed, Dec 10, 2003 at 04:20:41PM +0530, sandeep wrote:
> function cyg_httpd_process in httpd.c, has code like --
>
> FILE *client;
> ------- snipped -------
> client = fdopen( client_socket, "r+");
>
> /* We are really only interested in the first line.
> */
> fgets( request, sizeof(request), client );
> ...........
> ...........
>
> If malloc fails (tracing fdopen internals) then client will be set
> to NULL and further referencing of client causes buggy behaviours. So
> it is clear that a validity check needs to be done on return value
> of fdopen before going ahead with using its return value. But what
> should be the action in that failure case? Should one just return
> from that point? I guess, if we do that, it will make the requesting
> browser fail getting any response for its request and retrying
> will need to be done. Andrew, is that safe enough?

Nick is the person to ask, not me. Nick wrote the code. I just added
IPv6 support.

Just returning is not enough. Doing that will result in the leak of a
socket.

Andrew