Bug #2146: fix mod_proxy_backend_http vulnerability - Lighttpd - lighty labs

Actions

Copy link

Bug #2146

closed

fix mod_proxy_backend_http vulnerability

Added by liming almost 15 years ago. Updated over 8 years ago.

Status:

Obsolete

Priority:

Normal

Category:

mod_proxy_backend_http

Target version:

1.5.0

ASK QUESTIONS IN Forums:

Description

If the http-backend sends back an invalid response, like:

HTTP/1.1 200 OK
...
Transfer-Encoding: chunked
...

\0\r\n
1111111111111111......

Of course, the chunk-length "\0" is not valid. However, lighttpd trapped into an endless loop at the monent. It cannot serve any more, and its cpu usage is up to 100%.

In this case, mod_proxy_backend_http should just stop, and return HANDLER_FINISHED.

Files

mod_proxy_backend_http.c.patch (1.11 KB) mod_proxy_backend_http.c.patch

liming, 2010-01-06 08:42

History
Property changes

Actions

Copy link

Updated by gstrauss over 8 years ago

Missing in 1.5.x changed from No to Yes

Actions

Copy link

Updated by gstrauss over 8 years ago

Status changed from Patch Pending to Obsolete

Actions

Copy link

Also available in: Atom

Project

General

Profile

Lighttpd

Custom queries

Bug #2146

fix mod_proxy_backend_http vulnerability

Updated by gstrauss over 8 years ago

Updated by gstrauss over 8 years ago