At Mon, 09 Feb 2004 15:22:34 +0100, Igor Zlatkovic <igor zlatkovic com> wrote:
Thanks for your quick response...But it still crushes! More strict checking seems to be required.Okay, my mistake. Didn't look good enough. The patch attached to this mail solves the issue.
Fixed. Thanks. I noticed `xmlNanoHTTPScanProxy' also has the problem. The patch attached to this mail solves it too (hopefully). (It defines XML_NANO_HTTP_URL_LENGTH instead of a magic number 4096 ;-) By the way, this bug causes a buffer overflow, doesn't it? I'm worrying this may allow remote attackers to embed a long URL in the XML file (or something like that which kicks nanohttp) to execute illegal codes. If so, I think fixed version should be released and announced to the developers. Thanks, -- Yuuichi Teranishi <teranisi gohome org> GPG Public Key: http://www.gohome.org/gpg/teranisi.asc "There's nothing you can do that can't be done..."
Attachment:
nanohttp.c.diff
Description: Binary data