Author :
millert
Date :
2023-11-08 19:19:10
Hash :76ed9045 Message :Avoid a NULL dereference when handling a malformed fastcgi request.
Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL. Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@. Reported by Ben Kallus.