[Privoxy-commits] [privoxy] 04/12: sed_https(): Also update csp->https_headers->first which may have been changed by header reordering

User Git git at git.privoxy.org
Tue Jan 5 13:56:40 UTC 2021 

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit eac6fa49cc51175bfc99cfeb0acbe1a2f2e1f5b1
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Jan 3 12:06:56 2021 +0100

    sed_https(): Also update csp->https_headers->first which may have been changed by header reordering
    
    Prevents forwarding of invalid requests and segmentation faults when the
    client-header-order directive is used while https inspection is enabled.
    
        Program terminated with signal SIGSEGV, Segmentation fault.
        (gdb) where
        #0  0x0000000801d1cbb0 in arena_run_heap_remove (ph=0x8027130d8, phn=0x802c01360) at jemalloc_arena.c:77
        #1  0x0000000801d17188 in arena_dissociate_bin_run (chunk=<optimized out>, run=0x802c01378, bin=0x802713098) at jemalloc_arena.c:2839
        #2  arena_dalloc_bin_locked_impl (tsdn=0x8006e3690, arena=0x802712540, chunk=<optimized out>, ptr=<optimized out>, bitselm=<optimized out>, junked=<optimized out>) at jemalloc_arena.c:2905
        #3  0x0000000801cfd1fd in __je_tcache_bin_flush_small (tsd=<optimized out>, tcache=<optimized out>, tbin=0x802a760e8, binind=<optimized out>, rem=<optimized out>) at jemalloc_tcache.c:134
        #4  0x0000000801cfe01b in tcache_destroy (tsd=0x8006e3690, tcache=0x802a76000) at jemalloc_tcache.c:368
        #5  0x0000000801cfdde7 in __je_tcache_cleanup (tsd=0x8006e3690) at jemalloc_tcache.c:407
        #6  0x0000000801cfcd53 in __je_tsd_cleanup (arg=0x8006e3690) at jemalloc_tsd.c:82
        #7  0x0000000801cfcf3b in __je_tsd_cleanup_wrapper () at /usr/src/contrib/jemalloc/include/jemalloc/internal/tsd.h:658
        #8  0x0000000801cfccca in _malloc_thread_cleanup () at jemalloc_tsd.c:52
        #9  0x0000000801a529c2 in exit_thread () at /usr/src/lib/libthr/thread/thr_exit.c:302
        #10 0x0000000801a528fe in _pthread_exit_mask (status=<optimized out>, mask=<optimized out>) at /usr/src/lib/libthr/thread/thr_exit.c:266
        #11 0x0000000801a5275b in _pthread_exit (status=0x8027130d8) at /usr/src/lib/libthr/thread/thr_exit.c:206
        #12 0x0000000801a45094 in thread_start (curthread=0x802817e00) at /usr/src/lib/libthr/thread/thr_create.c:290
        #13 0x0000000000000000 in ?? ()
        Backtrace stopped: Cannot access memory at address 0x7fffdf9fb000
    
    Reported by: Kai Raven
---
 parsers.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/parsers.c b/parsers.c
index 69a8fb4b..8d066050 100644
--- a/parsers.c
+++ b/parsers.c
@@ -1346,9 +1346,11 @@ jb_err sed_https(struct client_state *csp)
    csp->flags |= CSP_FLAG_CLIENT_HEADER_PARSING_DONE;
 
    /*
-    * Update the last header which may have changed
-    * due to header additions,
+    * Update the https headers list which may have
+    * been modified due to header additions or header
+    * reordering.
     */
+   csp->https_headers->first = csp->headers->first;
    csp->https_headers->last = csp->headers->last;
 
    csp->headers->first = headers.first;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Privoxy-commits mailing list