[Wifidog] Wifidog segfault

Philippe April isf_lists at philippeapril.com
Thu Oct 28 11:35:26 EDT 2004


Two bugs.

1. Utopik just crashed (and it's running CVS) on the same read() call in
the ping_thread. We need to fix this.
2. That 50 chars buffer does not work for us.

Now, I would love to scrap all the sections in libhttpd that we don't
need (ie. parsing POST data, etc.), and check the parser for the GET
(sending badly formatted data might make it crash).

And we have to fix it like... now. for real, cafes are crashing randomly
depending on the client software running on the machine.

If norton antivirus updates its definition before the client is
authenticated, it might send big bad POST request and make wifidog
crash. Same for the spyware.. Just 2 common examples.

A regular browser will work fine.

So, who works on what, and can we be done soon? :)

On Wed, Oct 27, 2004 at 09:17:39PM -0400, Philippe April wrote:
> Personnally, I think we should evaluate our needs.
> 
> If it's just to process a GET or a POST (parse variables to find what we
> need), and don't care much about the rest and just respond something like a redirect, wellll I'd scrap libhttpd :) But that's my own opinion.
> 
> If you (people) think it's worth it to keep libhttpd and fix it until
> the next bug, fine by me, but let's do it.
> 
> Not all the hotspots crash, but it might just be a matter of time when
> there's even more people (with spyware and stuff) using ISF.
> 
> On Wed, Oct 27, 2004 at 09:09:19PM -0400, Mina Naguib wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > 
> > Nice work Philippe
> > 
> > Something tells me that that 50-character "var" buffer in that function
> > gets overflowed by a large ?SOMEHUGEVARIABLENAMEHERE=something GET request
> > 
> > A quick-and-dirty fix would be to resize that char array from 50 to the
> > constant HTTP_MAX_URL (or the more paranoid HTTP_MAX_LEN)
> > 
> > The other alternative is to hack up a dynamic string function with
> > asprintf()'s and free()s.. but how far do we want to go to resuscitate
> > that dog ?
> > 
> > Philippe April wrote:
> > | Ok, I have been able to reproduce a segfault.
> > |
> > | Basically, people with spyware or toolbars, may generate huge http
> > requests (without knowing), and it looks like libhttpd does not handle
> > them well, it crashes somewhere in the _httpd_storeData function.
> > |
> > | I'm soooo tempted to dump libhttpd (you've heard this from me before).
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.6 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> > 
> > iD8DBQFBgEa/eS99pGMif6wRAvUcAKCiduAiSyWvZWG0L+ilLpB56zMxEwCguk0Z
> > SVFyhDdfWZ4N4rHA/TlfDK4=
> > =Hh6I
> > -----END PGP SIGNATURE-----
> > 
> > _______________________________________________
> > Wifidog mailing list
> > Wifidog at isf.waglo.com
> > http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
> > 
> 
> -- 
> Philippe April
> philippe at philippeapril.com
> GnuPG: http://key.philippeapril.com/
> 

> _______________________________________________
> Wifidog mailing list
> Wifidog at isf.waglo.com
> http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com


-- 
Philippe April
philippe at philippeapril.com
GnuPG: http://key.philippeapril.com/



More information about the Wifidog mailing list