[ECOS] return value of fdopen in cyg_httpd_process should be checked for validity

sandeep sandeep@codito.com
Wed Dec 10 10:47:00 GMT 2003


function cyg_httpd_process in httpd.c , has code like --

 FILE *client;
------- snipped -------
 client = fdopen( client_socket, "r+");

 /* We are really only interested in the first line.
  */
 fgets( request, sizeof(request), client );
...........
...........

If malloc fails (tracing fdopen internals) then client will be set to NULL and
further referencing
of client cause buggy behaviours. So it is clear that a validity check needs to
be done on return value of fdopen before going ahead with using it's return
value. But what should be the action in that failure case?

should one just return from that point? I guess, if we do that, it will make the
requesting browser to fail getting any response for it's request and retrying
will need to be done. Andrew, is that safe enough?

I can send the trivial patch for it, once above issue is settled.

peace
sandeep





-- 
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss



More information about the Ecos-discuss mailing list