Re: [PATCH] Re: Possible Vulnerability in httpd.c

On 11/23/2016 03:29 PM, Denys Vlasenko wrote: > On Tue, Nov 22, 2016 at 5:07 PM, Rich Felker wrote: >>> Different projects choose their paranoias differently. >>> >From its inception, bbox was paranoid about code size. >>> >>> If you see an actual bug where buffer can overflow,

Re: [PATCH] Re: Possible Vulnerability in httpd.c

On Tue, Nov 22, 2016 at 5:07 PM, Rich Felker wrote: >> Different projects choose their paranoias differently. >> >From its inception, bbox was paranoid about code size. >> >> If you see an actual bug where buffer can overflow, >> I'm more than willing to fix it. >> >> But if

Re: [PATCH] Re: Possible Vulnerability in httpd.c

On Tue, Nov 22, 2016 at 02:30:50AM +0100, Denys Vlasenko wrote: > On Mon, Nov 21, 2016 at 8:18 PM, Simon Rettberg > wrote: > > On Mon, 21 Nov 2016 20:37:14 +0200 > > Timo Teras wrote: > >> > >> It is still good practice to fill it with

Re: [PATCH] Re: Possible Vulnerability in httpd.c

On Mon, Nov 21, 2016 at 8:18 PM, Simon Rettberg wrote: > On Mon, 21 Nov 2016 20:37:14 +0200 > Timo Teras wrote: >> >> It is still good practice to fill it with snprintf. If this is done, >> proper error checking should be done to check the

Re: [PATCH] Re: Possible Vulnerability in httpd.c

On Mon, 21 Nov 2016 20:37:14 +0200 Timo Teras wrote: > > It is still good practice to fill it with snprintf. If this is done, > proper error checking should be done to check the final 'len' that it > does not exceed IOBUF_SIZE or you have information leak bug (since >

Re: [PATCH] Re: Possible Vulnerability in httpd.c

Am 21.11.2016 um 18:08 schrieb walter harms: the only reason we need to buffer everything is because of IE whatever. Can someone confirm that this is still needed ? AFAIK this was a valid issue until IE6. IE versions 7 and up should have no problems with headers plus small HTML page in one

Re: [PATCH] Re: Possible Vulnerability in httpd.c

On Mon, 21 Nov 2016 18:08:39 +0100 walter harms wrote: > but i have an other question, based to the comments in the code: > > * The arguments are combined and sent as one write operation. Note > that > * IE will puke big-time if the headers are not sent in one packet > and the

Re: [PATCH] Re: Possible Vulnerability in httpd.c

Nice, but i have an other question, based to the comments in the code: * The arguments are combined and sent as one write operation. Note that * IE will puke big-time if the headers are not sent in one packet and the * second packet is delayed for any reason. the only reason we need to

[PATCH] Re: Possible Vulnerability in httpd.c

On 2016-11-21 09:53, Raphael de Carvalho Muniz wrote: We understand that the resulting program may have vulnerabilities when the macro "#if ENABLE_FEATURE_HTTPD_RANGES" is enabled, by the fact of utilization that sprintf() function. Second the CWE Project, is the classified by CWE-134, where