Comments (3)
bel2125
commented on June 10, 2024
What version of the server did you use ?
I will need some information to be able to reproduce this locally. What exactly is the screenshot above showing?
is this a memory dump from the network package?
'/backup-restore' is a C handler function calling mg_handle_form_request ?
from civetweb.
Whips66
commented on June 10, 2024
Sorry - That was a Friday end of the day post.
Hi it is version 1.16 of the server
Sorry I did not explain very well . The screen shot is Wireshark capture of the badly formed data I was sending to Civetweb embedded in one of our software products.
The /backup-restore is the URL that I have a handler installed for but it did not get to my handler.
When I fixed my javascript to correctly format the post request I did not encounter any issues.
I will see if I can produce a minimal example that cause the problem.
As a work around I added a check for NULL and that stopped the crash
from civetweb.
bel2125
commented on June 10, 2024
If you know how the request exactly looks like, it might be possible to send it with "netcat".
I can do this myself, if I know the exact byte sequence sent.
Also, I can try if this is possible to find using a fuzz test - actually there is a fuzz test for CivetWeb, but it did not find this issue (yet).
from civetweb.
Related Issues (20)
- Why are the test examples in .xhtml? HOT 1
- Are there recommended ways to get OpenSSL support for Android? HOT 4
- CodeQL not working HOT 1
- Manual did not mention preparations for OpenSSL support?
- example client showing unrecognized chars in "Content" HOT 1
- Integer overflow (leading to stack-based buffer overflow) in embedded lua_struct.c HOT 7
- Here is a negation overflow in lua HOT 5
- Can't get index.lua file working on Linux. HOT 2
- mg.redirect and mg.send_http_redirect fall in an infinite loop
- strtod() in civetweb 1.16. HOT 5
- mg_set_request_handler callback function is hit after 10-20seconds of receiving the http get request HOT 1
- Array overrun is possible. The '1' index is pointing beyond array bound. HOT 2
- At least ws_server.c contains code, which is not supported on Android > NDK 23 HOT 5
- Feature request: Allow the specification of multiple directories for fallback_document_root HOT 3
- When I refreshed the web page, a segmentation fault occurred in the program. HOT 1
- Calling the correct handler for uri HOT 1
- Missing mg_start2.md document
- socket memory buffer HOT 1
- how to remove the header and footer while using mg_read HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from civetweb.