[Wifidog] Wifidog segfault

Mina Naguib webmaster at topfx.com
Wed Oct 27 21:09:19 EDT 2004



Nice work Philippe

Something tells me that that 50-character "var" buffer in that function
gets overflowed by a large ?SOMEHUGEVARIABLENAMEHERE=something GET request

A quick-and-dirty fix would be to resize that char array from 50 to the
constant HTTP_MAX_URL (or the more paranoid HTTP_MAX_LEN)

The other alternative is to hack up a dynamic string function with
asprintf()'s and free()s.. but how far do we want to go to resuscitate
that dog ?

Philippe April wrote:
| Ok, I have been able to reproduce a segfault.
|
| Basically, people with spyware or toolbars, may generate huge http
| requests (without knowing), and it looks like libhttpd does not handle
| them well, it crashes somewhere in the _httpd_storeData function.
|
| I'm soooo tempted to dump libhttpd (you've heard this from me before).
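
Added example, not part of the original message and not libhttpd's own code: a bounds-checked way to split a GET query string into name/value pairs, so that an oversize variable name is rejected instead of being written past a 50-byte buffer. Only the 50-byte size comes from the thread; `parse_query`, `pair_cb`, `VAL_MAX` and `try_name_of_length` are hypothetical names.

```c
#include <string.h>

#define VAR_MAX 50   /* size of the "var" buffer named in the thread */
#define VAL_MAX 256  /* assumed value limit for this sketch */

/* Hypothetical callback type: receives each name/value pair. */
typedef void (*pair_cb)(const char *name, const char *value, void *ctx);

/*
 * Walk a query string ("a=1&b=2") and copy each name and value into
 * fixed-size buffers with explicit length checks. Returns the number of
 * pairs stored, or -1 as soon as a name or value would not fit.
 */
int parse_query(const char *query, pair_cb cb, void *ctx)
{
    char var[VAR_MAX], val[VAL_MAX];
    int count = 0;

    while (*query != '\0') {
        size_t pair_len = strcspn(query, "&");          /* this pair only */
        const char *eq = memchr(query, '=', pair_len);  /* NULL if no '=' */
        size_t name_len = eq ? (size_t)(eq - query) : pair_len;
        size_t val_len = eq ? pair_len - name_len - 1 : 0;

        if (name_len >= sizeof(var) || val_len >= sizeof(val))
            return -1;   /* oversize: refuse the request, do not truncate */

        if (name_len > 0) {
            memcpy(var, query, name_len);
            var[name_len] = '\0';
            if (val_len) memcpy(val, eq + 1, val_len);
            val[val_len] = '\0';
            if (cb) cb(var, val, ctx);
            count++;
        }
        query += pair_len;
        if (*query == '&') query++;
    }
    return count;
}

/* Constructed input: a query whose variable name is n bytes long. */
int try_name_of_length(size_t n)
{
    char q[1024];
    if (n + 3 > sizeof(q)) return -1;
    memset(q, 'A', n);
    memcpy(q + n, "=x", 3);   /* appends "=x" and the terminating NUL */
    return parse_query(q, NULL, NULL);
}
```

A caller that gets -1 back should answer the request with an error rather than continue with partial data.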
