Re: [libmicrohttpd] bad request crashes daemon
From: Christian Grothoff
Subject: Re: [libmicrohttpd] bad request crashes daemon
Date: Wed, 26 Mar 2008 08:51:17 -0600
User-agent: KMail/1.9.7
You are right. Fixed in SVN 6626 with the following patch (I think it is best
to "tolerate" this kind of malformed request by ignoring the "abc" input
instead of closing the connection or being unfriendly in some other fashion).
Now, the code will kill the connection if there are multiple lines of bad
input like that (before the end of the header).
I guess what we should do is send an HTTP 400 Bad Request response, but that
patch will be a bit longer. I'll look into doing something along those lines
later today.
Christian
Index: connection.c
===================================================================
--- connection.c (revision 6619)
+++ connection.c (working copy)
@@ -1220,8 +1220,10 @@
connection->last = last;
return; /* possibly more than 2 lines... */
}
- if (MHD_NO == connection_add_header (connection,
- last, connection->colon, kind))
+ if ( (last != NULL) &&
+ (connection->colon != NULL) &&
+ (MHD_NO == connection_add_header (connection,
+ last, connection->colon, kind)) )
{
excessive_data_handler (connection, MHD_HTTP_REQUEST_ENTITY_TOO_LARGE);
return;
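Review bot: The new `(last != NULL) && (connection->colon != NULL)` guard on the `if` silently skips `connection_add_header` for a line without a colon, and nothing at that spot says the line is being ignored on purpose rather than rejected. A short comment there would help the next reader. The report traces the crash to a NULL `pos->header` reaching `strcasecmp` in `MHD_lookup_connection_value`, so consider also refusing a NULL key or value inside `connection_add_header` itself, which would keep the list free of NULL entries for every caller and not only this call site.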
Christian
On Wednesday 26 March 2008, Sebastian Gerhardt wrote:
> Hello MHD developers,
>
> I am not sure whether this is a bug in the library or
> the application bears responsibility for this, but a misbehaving client
> is able to crash the daemon.
> I have tried version 2.2 and 2.3, compiled and ran it on Debian Etch x86
> without libcurl.
>
> I can reproduce this with your minimal_example:
> 1.$ ./minimal_example 8000 50
> 2.$ telnet localhost
>
> >GET / <enter>
> >abc<enter>
>
> <enter>
>
> Output:
> `MHD_connection_handle_idle' in state 1
> Received malformed line (no colon), closing connection.
> `MHD_connection_handle_idle' in state 2
> `MHD_connection_handle_idle' in state 2
> `MHD_connection_handle_idle' in state 3
> segmentation fault
>
>
> I think this is because the library tries parsing for cookies in the
> header. When the function MHD_lookup_connection_value in connection.c is
> reached, it does a strcasecmp (key, pos->header) but pos->header is NULL
> at this point.
>
>
> regards
> Sebastian
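The failure mode discussed in this thread, as an added example that is not libmicrohttpd code: a header-line parser that ignores a line with no colon, paired with a lookup that skips NULL keys before calling `strcasecmp`. The `struct hdr` type and the function names are hypothetical, and the input is constructed from the request in the report.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical types and names for this example; not libmicrohttpd's. */
struct hdr { char *key; char *value; struct hdr *next; };

/* Returns 1 if stored, 0 if the line has no colon (ignored), -1 on OOM. */
static int add_header_line(struct hdr **list, char *line)
{
    char *colon = strchr(line, ':');
    if (colon == NULL)
        return 0;                 /* never store a NULL key or value */
    *colon++ = '\0';              /* split "Key: value" in place */
    while (*colon == ' ' || *colon == '\t') colon++;
    struct hdr *h = malloc(sizeof *h);
    if (h == NULL) return -1;
    h->key = line; h->value = colon; h->next = *list;
    *list = h;
    return 1;
}

/* Skips entries with a NULL key instead of passing them to strcasecmp. */
static const char *lookup(const struct hdr *list, const char *key)
{
    if (key == NULL) return NULL;
    for (; list != NULL; list = list->next)
        if (list->key != NULL && strcasecmp(key, list->key) == 0)
            return list->value;
    return NULL;
}

/* Constructed input: the "abc" line from the report, one valid header, and
   a NULL-key entry like the NULL pos->header the report describes. */
static int demo(void)
{
    char bad[] = "abc", good[] = "Host: localhost";
    struct hdr poisoned = { NULL, NULL, NULL };
    struct hdr *list = &poisoned;
    int ignored = add_header_line(&list, bad) == 0;
    int stored = add_header_line(&list, good) == 1;
    const char *host = lookup(list, "host");
    int ok = ignored && stored && host != NULL
             && strcmp(host, "localhost") == 0 && lookup(list, "Cookie") == NULL;
    if (stored) free(list);       /* the one heap node, at the list head */
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```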