Commit c35760cd authored by Marvin Scholz's avatar Marvin Scholz

Fix possible segfaults when header allocation fails

This fixes some possible segfaults that could happen if the header
(re)allocation fails.
parent 2b9440d6
......@@ -282,6 +282,14 @@ int format_advance_queue(source_t *source, client_t *client)
}
/* Prepare headers
* If any error occurs in this function, return -1
* Do not send a error to the client using client_send_error
* here but instead set client->respcode to 500.
* Else client_send_error will destroy and free the client and all
* calling functions will use a already freed client struct and
* cause a segfault!
*/
static int format_prepare_headers (source_t *source, client_t *client)
{
unsigned remaining;
......@@ -297,7 +305,7 @@ static int format_prepare_headers (source_t *source, client_t *client)
bytes = util_http_build_header(ptr, remaining, 0, 0, 200, NULL, source->format->contenttype, NULL, NULL, source, client);
if (bytes == -1) {
ICECAST_LOG_ERROR("Dropping client as we can not build response headers.");
client_send_error(client, 500, 0, "Header generation failed.");
client->respcode = 500;
return -1;
} else if ((bytes + 1024) >= remaining) { /* we don't know yet how much to follow but want at least 1kB free space */
void *new_ptr = realloc(ptr, bytes + 1024);
......@@ -308,12 +316,12 @@ static int format_prepare_headers (source_t *source, client_t *client)
bytes = util_http_build_header(ptr, remaining, 0, 0, 200, NULL, source->format->contenttype, NULL, NULL, source, client);
if (bytes == -1 ) {
ICECAST_LOG_ERROR("Dropping client as we can not build response headers.");
client_send_error(client, 500, 0, "Header generation failed.");
client->respcode = 500;
return -1;
}
} else {
ICECAST_LOG_ERROR("Client buffer reallocation failed. Dropping client.");
client_send_error(client, 500, 0, "Buffer reallocation failed.");
client->respcode = 500;
return -1;
}
}
......
......@@ -952,12 +952,18 @@ static int _free_client(void *key)
{
client_t *client = (client_t *)key;
/* if no response has been sent then send a 404 */
if (client->respcode == 0)
client_send_error(client, 404, 0, "Mount unavailable");
else
client_destroy(client);
switch (client->respcode) {
case 0:
/* if no response has been sent then send a 404 */
client_send_error(client, 404, 0, "Mount unavailable");
break;
case 500:
client_send_error(client, 500, 0, "Stream preparation error");
break;
default:
client_destroy(client);
break;
}
return 1;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment