某些背景:
我正在为nginx(Web服务器)编写一个模块,它允许在共享环境中动态设置根目录。我有一个包含其他目录的目录,每个托管用户一个;给定与请求域相关的目录路径,我需要确定它属于哪个用户。
--public_dir
---user_1
---user_2
----com/example/www/_public/
---user_3
www.example.com转换为com / example / www,该函数应返回“user_2”
问题:
我通过打开public_dir,遍历它,并检查每个第一级目录(用户)是否存在com / example / www / _public /并缓存结果来成功完成此操作。所有函数在第一次调用时都按预期运行。尝试再次打开public_dir时第二次出现段错误(在上一个函数调用中已成功关闭):
#define NGX_SHARED_ENV_SHARED_DIR "/var/www/public/"
#define NGX_SHARED_ENV_PUBLIC_DIR "_public"
char* ownerFromDir(char *dir){
char *owner;
char fullPath[strlen(NGX_SHARED_ENV_SHARED_DIR)+strlen(dir)+128];
struct dirent *e;
struct stat sb;
// ------------ERROR IN HERE----------------------------
fprintf(stderr, "Before opendir\n");
DIR *sharedDir = opendir(NGX_SHARED_ENV_SHARED_DIR);
fprintf(stderr, "After opendir\n");
// -----------------------------------------------------
if(sharedDir){
while((e=readdir(sharedDir))!=NULL){
//is the entry a directory?
if(e->d_type!=DT_DIR){
continue;
}
if(strcmp(e->d_name, ".")==0 || strcmp(e->d_name, "..")==0){
continue;
}
// build a path to check for /var/www/public/userX/com/example/www/_public
snprintf(fullPath, sizeof(fullPath), "%s%s/%s/%s", NGX_SHARED_ENV_SHARED_DIR, e->d_name, dir, NGX_SHARED_ENV_PUBLIC_DIR);
stat(fullPath, &sb);
//if a matching directory is found then copy the entry name into owner
if(S_ISDIR(sb.st_mode)){
int len = 1 + (int) strlen(e->d_name);
owner = (char*) malloc(sizeof(char)*len);
free(owner);
memcpy(owner, &(e->d_name), len);
break;
}
}
closedir(sharedDir);
}
return owner;
}
Breakpoint 1, ownerFromDir (dir=0x603450 "com/example") at ngx_module.h:43
43 char* ownerFromDir(char *dir){
(gdb) step
45 char fullPath[strlen(NGX_SHARED_ENV_SHARED_DIR)+strlen(dir)+128];
(gdb) step
48 fprintf(stderr, "Before opendir\n");
(gdb) step
Before opendir
49 DIR *sharedDir = opendir(NGX_SHARED_ENV_SHARED_DIR);
(gdb) step
50 fprintf(stderr, "After opendir\n");
(gdb) step
After opendir
51 if(sharedDir){
(gdb) continue
Continuing.
Breakpoint 1, ownerFromDir (dir=0x60b4a0 "com/example2") at ngx_module.h:43
43 char* ownerFromDir(char *dir){
(gdb) step
45 char fullPath[strlen(NGX_SHARED_ENV_SHARED_DIR)+strlen(dir)+128];
(gdb) step
48 fprintf(stderr, "Before opendir\n");
(gdb) step
Before opendir
49 DIR *sharedDir = opendir(NGX_SHARED_ENV_SHARED_DIR);
(gdb) step
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a99df2 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
编辑:回溯
(gdb) backtrace
#0 0x00007ffff7a99df2 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7a9b446 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff7a9dfc5 in malloc () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff7ad651b in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000000000400aea in ownerFromDir (dir=0x60b4a0 "com/example2") at ./ngx_module.h:48
#5 0x0000000000400cb2 in ownerFromDom (domain=0x40116c "example2.com") at ./ngx_module.h:82
#6 0x0000000000400f3f in testOwner (domain=0x40116c "example2.com", expect=0x401150 "user2") at ./ngx_module.c:45
#7 0x0000000000400e27 in runTests () at ./ngx_module.c:29
#8 0x0000000000400d0b in main (argc=1, argv=0x7fffffffe708) at ./ngx_module.c:10
任何人都可以指出我正确的方向吗?
答案 0 :(得分:1)
您的代码确实:
if(S_ISDIR(sb.st_mode)){
int len = 1 + (int) strlen(e->d_name);
owner = (char*) malloc(sizeof(char)*len);
free(owner);
memcpy(owner, &(e->d_name), len);
break;
}
这导致:
return owner;
你已经释放了内存,因此memcpy()无效(访问你无权访问的内存)并且返回至少是危险的并且可以说是无效的(你要传回指针释放记忆。)
删除此代码中的free()。谁知道调用代码出了什么问题,但是一个适度合理的猜测是'你free()返回的值',这是一个双重免费,这也是一个严重的禁忌。
如上所述,memcpy()很容易破坏你的堆;双重免费可能会破坏你的堆。因此,有两个堆损坏源,你很可能在某处导致崩溃,而opendir()进行内存分配,因此它是一个看似合理的受害者。如果在此之前进行了内存分配,则可能会崩溃。