Hi,

There is a new version of bozohttpd on sid/unstable now which fixes at least 
one segfault. Can you try it and let me know if it works better?

Regards,
Mattias


From: Andrew Petrov [mailto:aypet...@yandex.ru]
Sent: 4 January 2012 21:46
To: Mattias Nordström
Cc: 654...@bugs.debian.org
Subject: Re: Bug#654314: bozohttpd segfault, ERROR 4

Hey,

I have at least two scenarios.

The first one, with the request not revealed:
=== Cut ===
Jan  4 10:55:56 pump bozohttpd[18788]: connect from 50.19.170.255 
(50.19.170.255)
Jan  4 10:55:56 pump kernel: [2591555.287417] bozohttpd[18788]: segfault at 0 
ip 000000000040829d sp 00007fff47530a90 error 4 in bozohttpd[400000+11000]
=== Cut ===

Another one is with a malformed request:
=== Cut ===
Jan  3 22:13:36 pump bozohttpd[18821]: connect from 85.16.80.14 (85.16.80.14)
Jan  3 22:13:38 pump bozohttpd[18821]: got request 
``▀ф_▄Ь#023Й#035phФ.F0V¤iEЄoыйCMMk╤XЫгрJлнQм'' from host 
dyndsl-085-016-080-014.ewe-ip-backbone.de to port 80
Jan  3 22:13:38 pump kernel: [2545817.704187] bozohttpd[18821]: segfault at 0 
ip 000000000040829d sp 00007fff2c98faa0 error 4 in bozohttpd[400000+11000]
=== Cut ===

The same:
=== Cut ===
Jan  3 22:16:16 pump bozohttpd[18974]: connect from 84.62.30.172 (84.62.30.172)
Jan  3 22:16:22 pump bozohttpd[18974]: got request 
``│пD}╗╖ф4wл▓yЎ%─.нМAb#006▄=#001°┌1у#025┘╗%╛╥xmЧ'' from host 
dslb-084-062-030-172.pools.arcor-ip.net to port 80
Jan  3 22:16:22 pump kernel: [2545981.149443] bozohttpd[18974]: segfault at 0 
ip 000000000040829d sp 00007fffe2f86a70 error 4 in bozohttpd[400000+11000]
=== Cut ===
So we have some junk as an HTTP request here. I hope it is a result of
malicious program/botnet activity.
Also, I guess the first case is the same as the second and third, but bozohttpd
crashes before it logs the request.

So this is not a script problem but something like a buffer overflow
vulnerability. In any case, bozohttpd has to handle this situation properly.

Please let me know if I can help you with tests/diagnostics.
Thanks,
Andrew
04.01.2012, 12:53, "Mattias Nordström" <mattias.nordst...@sysnor.fi>:

Hi,

Are you able to check your logs to see what you are accessing when the segfault
happens? A static webpage, or is it maybe a CGI script that causes it? If it is
a CGI script, it may be that script that does something wrong.

Regards,
Mattias Nordstrom
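
Added example, not part of the original thread or of bozohttpd: a small Python triage script that decodes kernel segfault lines like the ones quoted above (x86 page-fault error bits, faulting address, offset of `ip` inside the mapped binary) and groups crashes by faulting instruction. The sample log is the three kernel lines from the thread with the mail line-wrapping undone; the function names and the first-page NULL heuristic are this example's own assumptions.

```python
import re

# Constructed sample: the three kernel lines from the thread, unwrapped.
SAMPLE_LOG = """\
Jan  4 10:55:56 pump kernel: [2591555.287417] bozohttpd[18788]: segfault at 0 ip 000000000040829d sp 00007fff47530a90 error 4 in bozohttpd[400000+11000]
Jan  3 22:13:38 pump kernel: [2545817.704187] bozohttpd[18821]: segfault at 0 ip 000000000040829d sp 00007fff2c98faa0 error 4 in bozohttpd[400000+11000]
Jan  3 22:16:22 pump kernel: [2545981.149443] bozohttpd[18974]: segfault at 0 ip 000000000040829d sp 00007fffe2f86a70 error 4 in bozohttpd[400000+11000]
"""

# All numeric fields in the kernel message are hexadecimal.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(err):
    """Decode the x86 page-fault error code bits reported after 'error'."""
    return {
        "cause": "protection violation" if err & 1 else "page not present",
        "access": "instruction fetch" if err & 16 else ("write" if err & 2 else "read"),
        "mode": "user" if err & 4 else "kernel",
    }

def triage(log):
    """Return one record per segfault line found in the log text."""
    records = []
    for m in SEGV_RE.finditer(log):
        addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
        rec = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr}
        rec.update(decode_error(err))
        # Heuristic (assumption): a fault inside the first page is a NULL dereference.
        rec["null_deref"] = addr < 0x1000
        if m["base"]:
            rec["object"] = m["obj"]
            rec["offset"] = ip - int(m["base"], 16)  # ip relative to mapping start
        records.append(rec)
    return records

def group_by_site(records):
    """Group crashing PIDs by (object, offset): same key means same faulting instruction."""
    sites = {}
    for r in records:
        sites.setdefault((r.get("object"), r.get("offset")), []).append(r["pid"])
    return sites
```

On the three lines from the thread this reports a user-mode read of a not-present page at address 0, with every crash at the same offset 0x829d in bozohttpd.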
