Standards Based Linux Instrumentation / Bugs / #1958 httpAdapter can crash on bad content length

#1958 httpAdapter can crash on bad content length

Milestone: Security

Status: closed-fixed

Owner: Chris Buccella

Labels: sfcb (1090)

Component:

Priority: 7

Updated: 2010-07-14

Created: 2010-05-14

Creator: Chris Buccella

Private: No

httpAdapter contains a heap overflow that is caused by an HTTP request with the Content-Length value being smaller than the actual size of the payload. The affect of this bug can cause the handling HTTP process to crash. If the request is specially crafted, arbitrary code execution could occur.

Discussion

Chris Buccella - 2010-05-14

patch for 1.3

sfcb-http-bad-content_length.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Chris Buccella - 2010-05-14

status: open --> pending-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Chris Buccella - 2010-05-14

committed to CVS HEAD and git master

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SourceForge Robot - 2010-07-14

status: pending-fixed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SourceForge Robot - 2010-07-14

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 60 days (the time period specified by
the administrator of this Tracker).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

httpAdapter can crash on bad content length

Group

Searches

Help

#1958 httpAdapter can crash on bad content length

Discussion