Hi Markus, Thanks for reporting, fixed in c7fce141..16c13329.
Happy hacking! -Christian On 9/11/20 2:04 PM, Markus Doppelbauer wrote: > Hello, > > The percent-encoded post-processor (current git ) segfaults. > ASAN reports: global-buffer-overflow > A testcase is attached. > > Best wishes > Markus > > > > -------- Weitergeleitete Nachricht -------- > *Von*: Christian Grothoff <groth...@gnunet.org > <mailto:christian%20grothoff%20%3cgroth...@gnunet.org%3e>> > *Antwort an*: libmicrohttpd development and user mailinglist > <libmicrohttpd@gnu.org > <mailto:libmicrohttpd%20development%20and%20user%20mailinglist%20%3clibmicroht...@gnu.org%3e>> > *An*: libmicrohttpd <libmicrohttpd@gnu.org > <mailto:libmicrohttpd%20%3clibmicroht...@gnu.org%3e>> > *Betreff*: [libmicrohttpd] libmicrohttpd 0.9.71 released > *Datum*: Sun, 28 Jun 2020 22:04:49 +0200 > > Dear all, > > > I'm happy to announce the release of GNU libmicrohttpd 0.9.71. > > > This release fixes a potential buffer overflow and is thus considered a > > security release. Please upgrade as soon as possible. Thanks to Nicolas > > Mora for finding and reporting the issue. > > > Additionally, the release fixes the following issues: > > > * Proper uncorking with GnuTLS to ensure 'last bytes' are > > transmitted over TLS connections even if we are congested > > * Fixes wrong values returned by PostProcessor given certain > > parser boundaries > > * Improved documentation, fixed spelling mistakes > > * Fixed several socket handling issues on OS X > > > Furthermore, the release introduces an 'enum MHD_Result' instead of > > #defines for MHD_YES/MHD_NO. This is intended to make it easier to check > > for certain API misuse bugs by providing better types (not everything is > > an 'int'). While this does NOT change the binary API, this change > > _will_ cause compiler warnings for all legacy code -- until 'int' is > > replaced with 'enum MHD_Result'. > > > If you want your code to build without warnings on both older and newer > > MHD releases, you may want to introduce a MHD_RESULT as done here: > > > https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.h > > > > That said, this being a security release it may be a good time to not > > build nicely against older versions. > > > > Happy hacking! > > > Christian > >
signature.asc
Description: OpenPGP digital signature
