Recent

Author Topic: [Solved]fphttpserver signal 11  (Read 788 times)

gucao

  • New member
  • *
  • Posts: 5
[Solved]fphttpserver signal 11
« on: August 30, 2021, 10:04:22 am »
cn:一些攻击者会发送恶意请求,导致图1中的变量L小于0,然后程序会收到signal11终止运行。我按照图2中的样子添加了两行代码,可以复现这个过程。我不知道原因,但是我用图3的方法来解决这个问题,好像一切正常了。
from Translation tools
Some attackers send malicious requests that cause the variable L in Figure 1 to be less than 0, and the program receives Signal11 to terminate. I added two lines of code as shown in Figure 2 to replicate the process.I don't know why, but I solved the problem as shown in Figure 3, and everything seemed to work.

ps:The operating system used is Debian  lazarus2.0.10


« Last Edit: September 02, 2021, 02:03:56 am by gucao »

Leledumbo

  • Hero Member
  • *****
  • Posts: 8386
  • Programming + Glam Metal + Tae Kwon Do = Me
Re: [Solved]fphttpserver signal 11
« Reply #1 on: September 17, 2021, 07:10:54 am »
Signal 11 is SIGSEGV, which indicates an invalid memory access. If your two lines fixed it, it means FBuffer was nil or something garbage.

Please test first with latest FPC 3.2.2 and if still happens, file a bug report with request (both header and body) that can trigger this behavior. From the code, I can see that FBuffer is initialized and filled by ReadString, which is called by ReadRequestHeaders, which is quite well guarded by using ReadBufLen which is a const, return value of FSocket.Read is checked for negative value and if false the buffer is then adjusted accordingly. BUT, it didn't check for 0, which MIGHT be possible and SetLength with length parameter set to 0 is the same as setting it to nil.

gucao

  • New member
  • *
  • Posts: 5
Re: [Solved]fphttpserver signal 11
« Reply #2 on: September 18, 2021, 01:42:00 pm »
https://gitlab.com/freepascal.org/fpc/source/-/issues/39330
CN:我已经提交了一个bug 有开发人员已经修复了这个问题
TransTool:I have submitted a bug that has been fixed by the developers

 

TinyPortal © 2005-2018