CVSROOT: /cvs
Module name: src
Changes by: be...@cvs.openbsd.org 2017/01/31 14:07:28
Modified files:
usr.sbin/httpd : Tag: OPENBSD_5_9 server_file.c
Log message:
A bug in the processing of range headers in httpd can lead to memory
exhaustion and possibly crash httpd.
This patch disables range header processing.
The problem is fixed in future versions of httpd (OpenBSD 6.1)
by changing the way the file size is determined.
found by Pierre Kim (pierre.kim.sec at gmail.com), thanks.
fix by sunil@
ok reyk@ sunil@ and beck@ danj@ tb@ and tj@ on the errata.
