Project

General

Profile

[Abandoned] Bug in processing chunked stream found in release 1.5.0-2349

Added by vishwas_rv almost 15 years ago

I found a bug in mod_proxy_backend_http.c. Please ignore if this has already been fixed.

In function proxy_http_parse_chunked_stream. The comparison "(size_t)(offset) < (c->mem->used 1)" will not work if mem>used is 0, because the size_t conversion seems to cast it to an unsigned and -1 is now a large positive number as a result the code inside the for loop segfaults.

Thanks,
Vishwas


Replies (1)

RE: [Abandoned] Bug in processing chunked stream found in release 1.5.0-2349 - Added by gstrauss about 7 years ago

lighttpd 1.5.x development branch has been abandoned.

    (1-1/1)