Current-Users archive
bozohttpd accesses free()-ed memory
Hi!
I am reporting this problem.
bozohttpd accesses free()-ed memory in bozo_process_cgi().
I encounter a segmentation fault on Linux with the original bozohttpd.
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/cgi-bozo.c?rev=1.25&content-type=text/x-cvsweb-markup&only_with_tag=MAIN
int
bozo_process_cgi(bozo_httpreq_t *request)
{
	:
	char  *query, *s, *t, *path, *env, *command, *file, *url;
	:
	if (uri[0] == '/')
		file = bozostrdup(httpd, uri);
	else
		asprintf(&file, "/%s", uri);
	:
	if (cgihandler) {
		command = file + 1;
		:
	} else {
		command = file + CGIBIN_PREFIX_LEN + 1;
		:
	}
	argv[ix++] = command;		/* <-- command points to file + n. */
	:
	free(file);
	:
	switch (fork()) {
		:
	case 0:
		:
		if (-1 == execve(path, argv, envp))	/* <-- accesses free()-ed memory. */
		:
	}
Thanks,
--
kiyohara
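
The ordering problem reported above, shown with the buffer kept alive until after fork(). This is an added example, not part of the original post and not bozohttpd code; run_cgi(), PREFIX_LEN, the /bin/sh child and the sample request path are assumptions made for illustration.

```c
/* Added example, not bozohttpd code: an argv[] entry borrows from `file`,
 * so `file` must outlive execv(). run_cgi() and PREFIX_LEN are assumed names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PREFIX_LEN 8	/* assumed: strlen("cgi-bin/") */

/* Runs `sh -c script sh <command>`, where <command> points into the heap
 * copy of the URI. Returns the child's exit status, or -1 on error. */
int run_cgi(const char *uri, const char *script)
{
	size_t n = strlen(uri) + 2;		/* leading '/' plus NUL */
	char *file = malloc(n);
	char *argv[6] = { "sh", "-c", (char *)script, "sh", NULL, NULL };
	int status = -1;
	pid_t pid;

	if (file == NULL)
		return -1;
	snprintf(file, n, "%s%s", uri[0] == '/' ? "" : "/", uri);
	if (strncmp(file + 1, "cgi-bin/", PREFIX_LEN) != 0) {
		free(file);
		return -1;			/* not under the CGI prefix */
	}
	argv[4] = file + PREFIX_LEN + 1;	/* borrowed pointer, not owned */

	/* The ordering in the post calls free(file) at this point, before
	 * fork(), which leaves the argv entry dangling in both processes. */
	pid = fork();
	if (pid == 0) {
		execv("/bin/sh", argv);		/* argv strings are copied here */
		_exit(127);
	}
	free(file);				/* parent no longer needs argv */
	if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

int main(void)
{
	/* constructed sample request path; the child checks the argument it got */
	int rc = run_cgi("cgi-bin/hello.cgi", "[ \"$1\" = hello.cgi ]");
	printf("child exit status: %d\n", rc);
	return rc == 0 ? 0 : 1;
}
```

Building the original ordering with -fsanitize=address makes the child's read of the freed buffer show up as a heap-use-after-free report instead of an intermittent crash.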