Changeset 766 for trunk/lib/Perlbal/ClientProxy.pm

Timestamp:

03/09/08 03:58:16 (21 months ago)

Author:

bradfitz

Message:

SECURITY: patch from Jeremey James <jbj@…> to not crash
on zero byte chunked upload when buffered uploads are enabled.

Files:

• trunk/lib/Perlbal/ClientProxy.pm (modified) (3 diffs)

trunk/lib/Perlbal/ClientProxy.pm

@@ -1021 +1021 @@
     # reset our position so we start reading from the right spot
     $self->{buoutpos} = 0;
-    sysseek($self->{bufh}, 0, 0);
+    sysseek($self->{bufh}, 0, 0) if ($self->{bufh}); # But only if it exists at all
 
     # notify that we want the backend so we get the ball rolling
@@ -1035 +1035 @@
     my $clen = $self->{request_body_length};
 
-    my $sent = Perlbal::Socket::sendfile($be->{fd}, fileno($self->{bufh}), $clen - $self->{buoutpos});
-    if ($sent < 0) {
-        return $self->close("epipe") if $! == EPIPE;
-        return $self->close("connreset") if $! == ECONNRESET;
-        print STDERR "Error w/ sendfile: $!\n";
-        return $self->close('sendfile_error');
-    }
-    $self->{buoutpos} += $sent;
+    if ($self->{buoutpos} < $clen) {
+        my $sent = Perlbal::Socket::sendfile($be->{fd}, fileno($self->{bufh}), $clen - $self->{buoutpos});
+        if ($sent < 0) {
+            return $self->close("epipe") if $! == EPIPE;
+            return $self->close("connreset") if $! == ECONNRESET;
+            print STDERR "Error w/ sendfile: $!\n";
+            return $self->close('sendfile_error');
+        }
+        $self->{buoutpos} += $sent;
+    }
 
     # if we're done, purge the file and move on
@@ -1155 +1157 @@
 sub purge_buffered_upload {
     my Perlbal::ClientProxy $self = shift;
+
+    # Main reason for failure below is a 0-length chunked upload, where the file is never created.
+    return unless $self->{bufh};
 
     # FIXME: it's reported that sometimes the two now-in-eval blocks