mt-daapd server crashes when requesting a scanpa
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mt-daapd (Debian) |
Fix Released
|
Unknown
|
|||
mt-daapd (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: mt-daapd
By requesting a metadata scan through mt-daapd's web interface, I can crash the mt-daapd process.
I see the following in the log output (using 'sudo mt-daapd -D webserver -d -f'):
Thread 12:
Request: POST /xml-rpc HTTP/1.1
Thread 12: Read: User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.25-rc7-p2; X11; ppc) KHTML/3.5.9 (like Gecko) (Kubuntu package 4:3.5.9-0ubuntu5)
Thread 12: Adding header *User-Agent=
Added *User-Agent=
Thread 12: Read: Referer: http://
Thread 12: Adding header *Referer=http://
Added *Referer=http://
Thread 12: Read: Pragma: no-cache
Thread 12: Adding header *Pragma=no-cache*
Added *Pragma=no-cache*
Thread 12: Read: Cache-control: no-cache
Thread 12: Adding header *Cache-
Added *Cache-
Thread 12: Read: Accept: text/html, image/jpeg, image/png, text/*, image/*, */*
Thread 12: Adding header *Accept=text/html, image/jpeg, image/png, text/*, image/*, */**
Added *Accept=text/html, image/jpeg, image/png, text/*, image/*, */**
Thread 12: Read: Accept-Encoding: x-gzip, x-deflate, gzip, deflate
Thread 12: Adding header *Accept-
Added *Accept-
Thread 12: Read: Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5
Thread 12: Adding header *Accept-
Added *Accept-
Thread 12: Read: Accept-Language: en
Thread 12: Adding header *Accept-
Added *Accept-
Thread 12: Read: Host: pokey:3689
Thread 12: Adding header *Host=pokey:3689*
Added *Host=pokey:3689*
Thread 12: Read: connection: close
Thread 12: Adding header *connection=close*
Added *connection=close*
Thread 12: Read: x-prototype-
Thread 12: Adding header *x-prototype-
Added *x-prototype-
Thread 12: Read: x-requested-with: XMLHttpRequest
Thread 12: Adding header *x-requested-
Added *x-requested-
Thread 12: Read: Content-type: application/
Thread 12: Adding header *Content-
Added *Content-
Thread 12: Read: Authorization: Basic YWRtaW46ZGVhbDl
Thread 12: Adding header *Authorization=
Added *Authorization=
Thread 12: Read: Connection: Keep-Alive
Thread 12: Adding header *Connection=
Updating Connection from close to Keep-Alive
Thread 12: Out of memory
Aborting
Rendezvous socket closed (daap server crashed?) Aborting.
Aborting
Fix:
It looks like the browser is sending two 'Connection:' headers (one in lowercase). This is triggerring a bug where the ws_addarg() updates (rather than inserts) a new header. This condition includes an incorrect return value. The caller assumes that the ws_addarg failed, so exits with the out of memory message.
Patch attached, also sent upstream.
Changed in mt-daapd (Debian): | |
status: | Unknown → Fix Released |
Is this symptom still reproducible in 8.10 or 9.04?