[Wifidog] Wifidog segfault

Philippe April isf_lists at philippeapril.com
Wed Oct 27 21:17:39 EDT 2004


Personally, I think we should evaluate our needs.

If it's just to process a GET or a POST (parse variables to find what we
need), and don't care much about the rest and just respond something like a redirect, wellll I'd scrap libhttpd :) But that's my own opinion.

If you (people) think it's worth it to keep libhttpd and fix it until
the next bug, fine by me, but let's do it.

Not all the hotspots crash, but it might just be a matter of time when
there's even more people (with spyware and stuff) using ISF.

On Wed, Oct 27, 2004 at 09:09:19PM -0400, Mina Naguib wrote:
> Nice work Philippe
> 
> Something tells me that that 50-character "var" buffer in that function
> gets overflowed by a large ?SOMEHUGEVARIABLENAMEHERE=something GET request
> 
> A quick-and-dirty fix would be to resize that char array from 50 to the
> constant HTTP_MAX_URL (or the more paranoid HTTP_MAX_LEN)
> 
> The other alternative is to hack up a dynamic string function with
> asprintf()'s and free()s.. but how far do we want to go to resuscitate
> that dog ?
> 
> Philippe April wrote:
> | Ok, I have been able to reproduce a segfault.
> |
> | Basically, people with spyware or toolbars, may generate huge http
> | requests (without knowing), and it looks like libhttpd does not handle
> | them well, it crashes somewhere in the _httpd_storeData function.
> |
> | I'm soooo tempted to dump libhttpd (you've heard this from me before).
> 
> _______________________________________________
> Wifidog mailing list
> Wifidog at isf.waglo.com
> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
> 

-- 
Philippe April
philippe at philippeapril.com
GnuPG: http://key.philippeapril.com/
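
The overflow discussed in this thread (a fixed 50-byte variable-name buffer filled from a GET query string) and a length-checked alternative, as an added example that is not part of the original messages and is not libhttpd code. The names parse_query, pair_cb and VAL_MAX are assumptions made for illustration; only the 50-byte name buffer comes from the thread.

```c
#include <stdio.h>
#include <string.h>

#define VAR_MAX 50    /* name buffer size quoted in the thread */
#define VAL_MAX 256   /* assumed value limit, not from the thread */

typedef void (*pair_cb)(const char *name, const char *value);

/* Parse "a=1&b=2". Returns the number of pairs, or -1 if a name or
 * value would not fit its fixed buffer (reject, never truncate). */
int parse_query(const char *query, pair_cb cb)
{
    char var[VAR_MAX], val[VAL_MAX];
    const char *p = query;
    int count = 0;

    while (*p) {
        size_t seg = strcspn(p, "&");            /* one name=value segment */
        const char *eq = memchr(p, '=', seg);
        size_t nlen = eq ? (size_t)(eq - p) : seg;
        size_t vlen = eq ? seg - nlen - 1 : 0;

        /* Unchecked pattern: copy into var until '=' is seen, so a long
         * name writes past var[49]. Here the length is checked first. */
        if (nlen >= sizeof var || vlen >= sizeof val)
            return -1;
        memcpy(var, p, nlen);
        var[nlen] = '\0';
        if (eq) memcpy(val, eq + 1, vlen);
        val[vlen] = '\0';
        if (nlen > 0) {
            if (cb) cb(var, val);
            count++;
        }
        p += seg;
        if (*p == '&') p++;
    }
    return count;
}

static void show(const char *n, const char *v) { printf("%s -> %s\n", n, v); }

int main(void)
{
    char big[256];                               /* constructed oversized name */
    memset(big, 'A', 200);
    strcpy(big + 200, "=x");
    printf("normal: %d\n", parse_query("a=1&b=2", show));
    printf("oversized: %d\n", parse_query(big, show));
    return 0;
}
```

A caller that gets -1 can answer with an error or a redirect instead of storing anything, which keeps the request handler alive whatever the client sends.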
