Package: cgilib
Version: 0.6-1.1

The CGI library provided in the package "cgilib" will crash with a Segmentation fault when a CGI parameter name is used twice. (When used on a www server, this will be seen by the user as an HTTP 500 error.)

Here is a demonstration program:

/* cgidemo.c */
#include <cgi.h>
#include <stdio.h>
s_cgi *cgi;

int main (int argc, char **argv) {
        char *a;
        cgi = cgiInit();
        a = cgiGetValue(cgi,"a");
        printf("Content-type: text/plain\n\na=%s\n",a);
        return 0;
}

It can be tested locally, without installing it on a www server:

$ gcc -o cgidemo cgidemo.c -lcgi
$ ./cgidemo
(offline mode: enter name=value pairs on standard input)
Content-type: text/plain

a=(null)
$ ./cgidemo
(offline mode: enter name=value pairs on standard input)
a=1
Content-type: text/plain

a=1
$ ./cgidemo
(offline mode: enter name=value pairs on standard input)
a=1
a=2
Segmentation fault
$

As seen in the last example, when I entered the parameter "a" twice, I got a Segmentation fault.

On a www server this happens too, but then it's more difficult to debug.
Here is an example log from apache2, using the ScriptLog:

%% [Sat Feb 17 11:04:19 2024] GET /cgidemo?a=1&a=2 HTTP/1.1
%% 500 /bin/cgidemo/cgidemo
%request
Host: 1190.botcastle1a
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: style_cookie=printonly
%response

I can observe it both on Debian 10 amd64 and Debian 11 armv7l.

Linux balt4 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20) x86_64 GNU/Linux

lrwxrwxrwx 1 root root 12 Mar 15 2022 /lib/i386-linux-gnu/libc.so.6 -> libc-2.28.so
lrwxrwxrwx 1 root root 12 Mar 15 2022 /lib/x86_64-linux-gnu/libc.so.6 -> libc-2.28.so

Linux botcastle1 5.10.0-11-armmp-lpae #1 SMP Debian 5.10.92-1 (2022-01-18) armv7l GNU/Linux

lrwxrwxrwx 1 root root 12 Oct 2 2021 /lib/arm-linux-gnueabihf/libc.so.6 -> libc-2.31.so


Version of cgilib is 0.6-1.1
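
Added example, not part of the original report or of cgilib: a regression check that runs a CGI program with the standard CGI environment (as the web server would, without Apache) and flags any query that makes it die from a signal. The function names and every query except the one from the ScriptLog above are constructed; it assumes a POSIX shell, where death by signal n is reported as status 128+n.

```shell
#!/bin/sh
# Added example: detect CGI programs that die from a signal on repeated
# parameter names. Function names are hypothetical, not from cgilib.

# run_cgi QUERY_STRING COMMAND [ARGS...]
# Runs COMMAND with a clean CGI (RFC 3875) GET environment and prints
# "ok", "error:<exit status>" or "signal:<signal number>".
run_cgi() {
    query=$1; shift
    status=0
    env -i PATH="$PATH" GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 \
        REQUEST_METHOD=GET QUERY_STRING="$query" \
        "$@" >/dev/null 2>&1 </dev/null || status=$?
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        # The shell reports a child killed by signal n as 128+n
        # (139 for SIGSEGV on Linux, which Apache turns into a 500).
        echo "signal:$((status - 128))"
    else
        echo "error:$status"
    fi
}

# check_duplicates COMMAND [ARGS...]
# Tries a single parameter, the query from the ScriptLog, and one
# constructed variant. Returns 1 if any of them kills COMMAND by signal.
check_duplicates() {
    rc=0
    for q in 'a=1' 'a=1&a=2' 'a=1&b=2&a=3'; do
        result=$(run_cgi "$q" "$@")
        printf '%-14s %s\n' "$q" "$result"
        case $result in signal:*) rc=1 ;; esac
    done
    return $rc
}

# Usage: sh dupcheck.sh ./cgidemo
if [ "$#" -gt 0 ]; then
    check_duplicates "$@"
fi
```

A non-zero exit from check_duplicates means at least one query terminated the program by signal, which makes the check usable in a package test suite.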
