CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2023/07/12 06:46:01
Modified files:
usr.sbin/httpd : Tag: OPENBSD_7_3 httpd.h server.c server_fcgi.c
Log message:
Work around use after free in httpd(8)
A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.
Reported by Jesper Wallin <jesper () ifconfig.se>
"this will do the trick for now" claudio
ok beck deraadt
