libmicrohttpd

Re: [libmicrohttpd] bad request crashes daemon


From: Christian Grothoff
Subject: Re: [libmicrohttpd] bad request crashes daemon
Date: Sun, 30 Mar 2008 00:10:49 -0600
User-agent: KMail/1.9.7

Hi all,

Just for your information -- I put an improved fix (one that I spent more than 
5 minutes on) into subversion a few days ago.  I'm still doing some more 
extensive tests (the goal is to add a test suite that would include testing 
for these types of issues with clients violating the protocol -- hard to test 
just using libcurl...).

Sebastian, if you're able to still cause problems at this point, I'd be very 
interested to hear how -- my current testing method (which I still have to 
automate and which was able to automatically find the two issues you 
described) is no longer able to find any problems.

Best,

Christian

On Wednesday 26 March 2008, Sebastian wrote:
> Hello Christian,
>
> your fix catches one bad line, but it seems to be still vulnerable if
> there are two of them with leading spaces.
>
> I built fresh from SVN 6626 (without messages this time).
>
> Minimal_example and telnetting on same host. Telnet input:
> >GET /<enter>
> > abc<enter>
> > dfg<enter>
>
> (mind the spaces)
> gives me a segfault again.
>
>
> Sebastian
>
> > You are right.  Fixed in SVN 6626 with the following patch (I think it
> > is best
> > to "tolerate" this kind of malformed request by ignoring the "abc" input
> > instead of closing the connection or being unfriendly in some other
> > fashion). Now, the code will kill the connection if there are multiple
> > lines of bad input like that (before the end of the header).
> >
> > I guess what we should do is send an HTTP 400 Bad Request response, but
> > that patch will be a bit longer. I'll look into doing something along
> > those lines later today.
> >
> > Christian
>
> _______________________________________________
> libmicrohttpd mailing list
> address@hidden
> http://crisp.cs.du.edu/cgi-bin/mailman/listinfo/libmicrohttpd
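
The thread discusses answering requests like the telnet input above with an HTTP 400 Bad Request. The following is an added example, not libmicrohttpd code and not the patch from SVN: a header-block validator that rejects a leading-whitespace line (a header continuation in HTTP/1.1) when no header field precedes it. The name `check_header_block` and its return codes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes: 0 = need more data, 200 = header block is
   well formed, 400 = reply with "400 Bad Request". */
enum { HDR_MORE = 0, HDR_OK = 200, HDR_BAD = 400 };

/* Scan a received buffer line by line without ever assuming that a
   "previous header" exists for a continuation line to attach to. */
int check_header_block(const char *buf, size_t len)
{
    size_t pos = 0;
    int line_no = 0;     /* line 0 is the request line */
    int have_field = 0;  /* set once a "Name: value" line was seen */

    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        if (nl == NULL)
            return HDR_MORE;               /* last line not terminated yet */
        size_t n = (size_t)(nl - line);
        pos += n + 1;
        if (n > 0 && line[n - 1] == '\r')
            n--;                           /* accept CRLF and bare LF */
        if (line_no++ == 0) {              /* needs "METHOD SP target" */
            const char *sp = memchr(line, ' ', n);
            if (n == 0 || sp == NULL || sp == line || sp == line + n - 1)
                return HDR_BAD;
            continue;
        }
        if (n == 0)
            return HDR_OK;                 /* blank line ends the headers */
        if (line[0] == ' ' || line[0] == '\t') {
            if (!have_field)
                return HDR_BAD;            /* continuation of nothing */
            continue;                      /* folds into the prior field */
        }
        const char *colon = memchr(line, ':', n);
        if (colon == NULL || colon == line)
            return HDR_BAD;                /* no field name before ':' */
        have_field = 1;
    }
    return HDR_MORE;                       /* no blank line seen so far */
}

int main(void)
{
    /* The telnet input quoted in this thread, with CRLF line endings. */
    const char *req = "GET /\r\n abc\r\n dfg\r\n";
    printf("%d\n", check_header_block(req, strlen(req)));
    return 0;
}
```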



