[Wifidog] libhttpd issues

Philippe April papril777 at yahoo.com
Sat May 15 23:34:47 EDT 2004


I'm having issues with libhttpd.

First, I thought my problems with WiFiDog crashing were because of
bad/no error handling, but now there's even more.

I was just going to use the computer, fired up IE and it called for my
homepage, I got the redirection to the central server.

Then, my google toolbar sent a request to google.ca to find out about
who-knows-what (I suppose the ranking of the page).

WiFiDog got that request, and segfaulted.

I found out it was caused by the handling of the "Cookie:" parameter
the google bar was doing, libhttpd probably didn't expect something it
sent. I kept the string to be able to reproduce later on.

I commented it out in api.c in libhttpd, we don't need cookie handling
anyway.

But I wonder: do we feel comfortable about keeping a piece of
software we haven't written ourselves that segfaults when particular
patterns happen?

I know we could correct it and just move on but I'm afraid there might
be more and more. It's not just about the buffer overflows one could try
to exploit, it's mostly about WiFiDog crashing.

Not sure if there's a good way to fix all of that. We could go back to
doing just a dumb analysis of the URL requested like I did at the
beginning, which should be fairly safe but of course very nonstandard (we
could scan, and if it says /auth/, we pick it up or something).

Thoughts?

-- 
Philippe April
papril777 at yahoo.com
GnuPG: http://key.philippeapril.com/
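
Added example, not part of the original message and not WiFiDog or libhttpd code: a bounded sketch of the "scan the URL for /auth/" fallback proposed above, which reads only the request line and never parses headers such as Cookie:. The function names, result codes, MAX_PATH limit, GET-only rule, prefix match and sample request are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH 256   /* assumed limit; longer targets are rejected */

/* Hypothetical result codes, not WiFiDog or libhttpd names. */
enum { REQ_BAD = -1, REQ_OTHER = 0, REQ_AUTH = 1 };

/* Classify a raw request of `len` bytes by its request line only.
 * Header lines (Cookie: included) are never read. The path, without
 * query string, is copied into `path`, which must hold MAX_PATH bytes. */
int classify_request(const char *buf, size_t len, char *path)
{
    const char *end, *p;
    size_t n = 0;

    if (len < 5 || memcmp(buf, "GET ", 4) != 0)
        return REQ_BAD;                 /* only GET is handled */
    end = memchr(buf, '\n', len);
    if (end == NULL)
        return REQ_BAD;                 /* request line incomplete */
    /* Copy up to whitespace, a control byte or '?', within bounds. */
    for (p = buf + 4; p < end && (unsigned char)*p > ' ' && *p != '?'; p++) {
        if (n + 1 >= MAX_PATH)
            return REQ_BAD;             /* too long: reject, never truncate */
        path[n++] = *p;
    }
    path[n] = '\0';
    if (path[0] != '/')
        return REQ_BAD;
    return strncmp(path, "/auth/", 6) == 0 ? REQ_AUTH : REQ_OTHER;
}

/* Wrapper for NUL-terminated input. */
int classify_cstr(const char *req)
{
    char path[MAX_PATH];
    return classify_request(req, strlen(req), path);
}

int main(void)
{
    /* Constructed sample: the Cookie line is never looked at. */
    const char *req = "GET /auth/?token=abc HTTP/1.1\r\n"
                      "Cookie: =;;==; a\r\n\r\n";
    printf("%d\n", classify_cstr(req));
    return 0;
}
```

Malformed, incomplete or oversized request lines are rejected rather than truncated, so a caller can drop the connection without the daemon going down.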
