Re: bin/38495: bozohttpd doesn't handle hex encoded URLs

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,joerg%NetBSD.org@localhost
Subject: Re: bin/38495: bozohttpd doesn't handle hex encoded URLs
From: Holger Weiss <holger%weiss.in-berlin.de@localhost>
Date: Wed, 7 May 2008 17:35:02 +0000 (UTC)

The following reply was made to PR bin/38495; it has been noted by GNATS.

From: Holger Weiss <holger%weiss.in-berlin.de@localhost>
To: GNATS Bugs <gnats-bugs%NetBSD.org@localhost>
Cc: 
Subject: Re: bin/38495: bozohttpd doesn't handle hex encoded URLs
Date: Wed, 7 May 2008 19:32:27 +0200

 I've seen the same problem with bozohttpd/20080303 and used the
 following patch:
 
 diff -ur bozohttpd-20080303.orig/bozohttpd.c bozohttpd-20080303/bozohttpd.c
 --- bozohttpd-20080303.orig/bozohttpd.c        2008-03-03 04:36:11.000000000 
+0100
 +++ bozohttpd-20080303/bozohttpd.c     2008-05-02 19:07:29.000000000 +0200
 @@ -1453,7 +1453,7 @@
                        http_error(400, request, "percent hack got a 0 back");
  
                while (*s && *s != '%') {
 -                      if (s >= end)
 +                      if (end && s >= end)
                                break;
                        *t++ = *s++;
                }
 
 However, I just noticed this was fixed in src/libexec/httpd/bozohttpd.c
 (r1.7) already, so I guess the PR could be closed.

Prev by Date: Re: kern/38607 (i386 acpi panic)
Next by Date: port-alpha/38608: uvm_fault_internal
Previous by Thread: bin/38495: bozohttpd doesn't handle hex encoded URLs
Next by Thread: kern/38497: Out of memory allocating ksiginfo
Indexes:

Home | Main Index | Thread Index | Old Index