CVSROOT: /cvs Module name: src Changes by: [email protected] 2026/02/02 06:37:33
Modified files:
usr.sbin/httpd : server_http.c
Log message:
In server_read_httpchunks() do not blindly enable the bufferevent.
This leads to a use-after-free since the bev->readcb() call could free
the memory holding the bev right before the bufferevent_enable() call.
Reported by Pontus Stenetorp.
OK florian@ rsadowski@
