artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 099ef0a) | patch
Work around use after free in httpd(8)
authortb <tb@openbsd.org>
Wed, 12 Jul 2023 12:37:27 +0000 (12:37 +0000)
committertb <tb@openbsd.org>
Wed, 12 Jul 2023 12:37:27 +0000 (12:37 +0000)
commitebfb03220bccb7445fdf5aa866e0b52e53c4037b
treebee4bd5001ba115b996d7b92d72525ac60c7284etree | snapshot
parent099ef0afd1d3a8f80ee8fd5e9347ce3c013731b0commit | diff
Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

"this will do the trick for now" claudio
ok beck deraadt
usr.sbin/httpd/httpd.h diff | blob | history
usr.sbin/httpd/server.c diff | blob | history
usr.sbin/httpd/server_fcgi.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim