Project

General

Profile

Bug #2003

ssl remote crash

Added by nitrox over 10 years ago. Updated over 10 years ago.

Status:
Fixed
Priority:
Urgent
Assignee:
-
Category:
core
Target version:
Start date:
2009-06-10
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

If your lighttpd accepts ssl connections it it possible to crash it remotely via

echo foobar | openssl s_client -connect yourip:443 -ign_eof

fix-ssl-dos.patch (686 Bytes) fix-ssl-dos.patch stbuehler, 2009-06-10 06:28

Related issues

Has duplicate Bug #1873: a core-bug caused by incomplete https requestFixed2009-01-15

Actions

Associated revisions

Revision 2513 (diff)
Added by stbuehler over 10 years ago

Fix segfault with openssl (DoS, fixes #2003)

History

#1

Updated by stbuehler over 10 years ago

#2

Updated by stbuehler over 10 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2513.

#3

Updated by stbuehler over 10 years ago

This is btw 1.5 only.

Also available in: Atom