[CRITICAL] uninitialized response field can sometimes cause crashes

[cherry-picked from commit 79e998919660b2ec6d5dc11be9d820c5c1965460] The response message in the transaction structure was not properly initialised at session initialisation. In theory it cannot cause any trouble since the affected field os expected to always remain NULL. However, in some circumstances, such as building on 64-bit platforms with certain options, the struct session can be exactly 1024 bytes, the same size of the requri field, so the pools are merged and the uninitialised field may contain non-null data, causing crashes if an invalid response is encountered and archived. The fix simply consists in correctly initialising the missing fields. This bug cannot affect architectures where the session pool is not shared (32-bit architectures), but this is only by pure luck.
2026-01-18 15:20:59 +01:00 · 2009-04-27 08:11:33 +02:00 · 2009-04-27 08:11:33 +02:00 · c0e4eb7d1d
commit c0e4eb7d1d
parent 5a01de1c74
1 changed files with 2 additions and 0 deletions
--- a/src/client.c
+++ b/src/client.c
@ -238,6 +238,8 @@ int event_accept(int fd) {
 			txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
 			txn->req.sol = txn->req.eol = NULL;
 			txn->req.som = txn->req.eoh = 0; /* relative to the buffer */
+			txn->rsp.sol = txn->rsp.eol = NULL;
+			txn->rsp.som = txn->rsp.eoh = 0; /* relative to the buffer */
 			txn->auth_hdr.len = -1;

 			if (p->nb_req_cap > 0) {