httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49406] New: malformed FastCGI response may overwrite heap
Date Tue, 08 Jun 2010 17:59:10 GMT

           Summary: malformed FastCGI response may overwrite heap
           Product: Apache httpd-2
           Version: 2.2.15
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_fcgid

Created an attachment (id=25551)
 --> (
Patch for the bug described

mod_fcgid may overwrite heap data in some rare cases.

In fcgid_bucket.c (Revision 816972 - current trunk):

The pointer arithmetic in line 99 should be bytewise but isn't. In the rare
case that "hasread" is != 0, the heap gets trashed, causing at least segfaults.

Found this by fuzzing.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message