[En-Nut-Discussion] Memory leak in Webserver

Ole Reinhardt ole.reinhardt at embedded-it.de
Tue Dec 8 13:37:27 CET 2009 

Hello Hong!

> thanks for your answer!
> Because of the complexity of a project, I have to use the nut/os 4.4.0 instead of updating it to the higher version.

In this case you should realy consider to check the Changelog messages
and take over the one or the other fix into your own code. There were
several severe bugs that had been fixed in the meantime. You can
generate a diff between two SVN version of the NutOS code with

svn diff version1:version2

> I am eager to hear what the bug on the web server side is.

These are two patches concerning nut/pro/ssi.c. The first one is from
me, fixing the memory leak, the other is from harald, fixing a buffer
overflow.

--- ssi.c	(Revision 2235)
+++ ssi.c	(Revision 2239)
@@ -323,11 +326,13 @@
     }
     if (fd == -1) {
         fprintf_P(stream, rsp_not_found_P, filename);
+        NutHeapFree(filename);
         return;
     }
     
     file_len = _filelength(fd);
     handler = NutGetMimeHandler(filename);
+    NutHeapFree(filename);
     
     if (handler == NULL) {
         size = 512;                 // If we have not registered a mime
handler handle default.



--- ssi.c	(Revision 2432)
+++ ssi.c	(Revision 2455)
@@ -99,6 +102,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <memdebug.h>
 
 #include <sys/heap.h>
 #include <sys/version.h>
@@ -239,7 +243,7 @@
                 *cp++ = 0;
                 if (strcmp(cp, "$QUERY_STRING") == 0) {
                     uint16_t size;
-                    size = 0;
+                    size = 1; /* At least 1 for empty requests. */
                     for (i = 0; i < orig_req->req_numqptrs*2; i ++) {
                         size += strlen(orig_req->req_qptrs[i]) + 1;
                     }

But as just mentioned above: There were several important fixes since
4.4.0 available and you should consider to upgrade!


Best regards,

Ole Reinhardt

-- 

Thermotemp GmbH, Embedded-IT

Embedded Hard-/ Software and Open Source Development, 
Integration and Consulting

Geschäftsstelle Siegen - Steinstraße 67 - D-57072 Siegen - 
tel +49 (0)271 5513597, +49 (0)271-73681 - fax +49 (0)271 736 97

Hauptsitz - Hademarscher Weg 7 - 13503 Berlin
Tel +49 (0)30 4315205 - Fax +49 (0)30 43665002
Geschäftsführer: Jörg Friedrichs, Ole Reinhardt
Handelsregister Berlin Charlottenburg HRB 45978 UstID DE 156329280

More information about the En-Nut-Discussion mailing list