Programming => Networking and Web Programming => Topic started by: gucao on August 30, 2021, 10:04:22 am

Title: [Solved]fphttpserver signal 11
Post by: gucao on August 30, 2021, 10:04:22 am
(From translation tools)
Some attackers send malicious requests that cause the variable L in Figure 1 to be less than 0, and the program receives Signal 11 and terminates. I added two lines of code as shown in Figure 2 to replicate the process. I don't know why, but I solved the problem as shown in Figure 3, and everything seemed to work.

PS: The operating system used is Debian, Lazarus 2.0.10

Title: Re: [Solved]fphttpserver signal 11
Post by: Leledumbo on September 17, 2021, 07:10:54 am
Signal 11 is SIGSEGV, which indicates an invalid memory access. If your two lines fixed it, it means FBuffer was nil or something garbage.

Please test first with the latest FPC 3.2.2 and, if it still happens, file a bug report with a request (both header and body) that can trigger this behavior. From the code, I can see that FBuffer is initialized and filled by ReadString, which is called by ReadRequestHeaders, which is quite well guarded by using ReadBufLen, which is a const; the return value of FSocket.Read is checked for a negative value and if false the buffer is then adjusted accordingly. BUT, it didn't check for 0, which MIGHT be possible, and SetLength with the length parameter set to 0 is the same as setting it to nil.
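
The zero-length read case raised in the reply above, as an added example that is not part of the thread and is not fcl-web's own code: a read helper that treats a return of 0 the same as an error, so the caller never indexes an empty (nil) buffer. `TReadFunc`, `FillBuffer` and the two stub readers are hypothetical names, and the value of `ReadBufLen` is an assumption.

```pascal
program GuardedRead;
{$mode objfpc}{$H+}
const
  ReadBufLen = 4096; // name taken from the post; the value is an assumption
type
  // Hypothetical stand-in for a socket read: >0 bytes read, 0 peer closed, <0 error
  TReadFunc = function(var Buf; Count: LongInt): LongInt;

// Constructed stub: the peer closes without sending anything
function ClosedPeerRead(var Buf; Count: LongInt): LongInt;
begin
  Result := 0;
end;

// Constructed stub: delivers one short request line
function ShortRead(var Buf; Count: LongInt): LongInt;
const
  Data: AnsiString = 'GET / HTTP/1.1'#13#10;
begin
  Result := Length(Data);
  if Result > Count then Result := Count;
  Move(Data[1], Buf, Result);
end;

// Returns True only when Buffer holds at least one byte
function FillBuffer(ReadFn: TReadFunc; out Buffer: AnsiString): Boolean;
var
  R: LongInt;
begin
  SetLength(Buffer, ReadBufLen);
  R := ReadFn(Buffer[1], ReadBufLen);
  if R <= 0 then
  begin
    // Error (<0) or closed connection (=0): SetLength(Buffer, 0) would leave
    // a nil string, so report failure instead of letting callers read Buffer[1]
    Buffer := '';
    Exit(False);
  end;
  SetLength(Buffer, R); // shrink to the bytes actually received
  Result := True;
end;

var
  S: AnsiString;
begin
  if not FillBuffer(@ClosedPeerRead, S) then
    WriteLn('closed peer: nothing read, Length(S) = ', Length(S));
  if FillBuffer(@ShortRead, S) then
    WriteLn('short read: ', Length(S), ' bytes');
end.
```
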
Title: Re: [Solved]fphttpserver signal 11
Post by: gucao on September 18, 2021, 01:42:00 pm
I have submitted a bug, and a developer has already fixed the problem.