[Wifidog] libhttpd issues

Mina Naguib webmaster at topfx.com
Sun May 16 11:39:23 EDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I think one of the main reasons we opted to use lightweight libraries 
such as libhttpd was the fact that hopefully they're solid enough so we 
don't have to worry about implementing it.

So the question is:

1. Was the cookie thing a one off and we just ignore it
2. Should we find another lightweight httpd
or
3. Write one from scratch

My recommendation is to treat it as a one off.

Philippe April wrote:
> I'm having issues with libhttpd.
> 
> First, I thought my problems with WiFiDog crashing were because of
> bad/no error handling, but now there's even more.
> 
> I was just going to use the computer, fired up IE and it called for my
> homepage, I got the redirection to the central server.
> 
> Then, my google toolbar sent a request to google.ca to find out about
> who-knows-what (I suppose the ranking of the page).
> 
> WiFiDog got that request, and segfaulted.
> 
> I found out it was caused by the handling of the "Cookie:" parameter
> the google bar was doing, libhttpd probably didn't expect something it
> sent. I kept the string to be able to reproduce later on.
> 
> I commented it out in api.c in libhttpd, we don't need cookie handling
> anyway.
> 
> But I wonder: do we feel comfortable about keeping a piece of
> software we haven't wrote ourselves that segfaults when particular
> patterns happen?
> 
> I know we could correct it and just move on but I'm afraid there might
> be more and more. It's not just about the buffer overflows one could try
> to exploit, it's mostly about WiFiDog crashing.
> 
> Not sure if there's a good way to fix all of that. We could go back to
> doing just a dumb analysis of the URL requested like I did at the
> beginning, which should be fairly safe but of course very unstandard (we
> could scan, and if it says /auth/, we pick it up or something).
> 
> Thoughts?
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Wifidog mailing list
> Wifidog at isf.waglo.com
> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAp4sveS99pGMif6wRAk7eAJ9j7SCVo2cPXv/qYrDsQHyNCltwqgCcCok9
Q3hFhEAsfMvv7Xm3XDTNJ08=
=iGfe
-----END PGP SIGNATURE-----

-------------- next part --------------
_______________________________________________
Wifidog mailing list
Wifidog at isf.waglo.com
http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com

More information about the Wifidog mailing list