Y
Hacker News
new
|
ask
|
show
|
jobs
by
GSGBen
304 days ago
Found the issue - a use after free in send_response() if I close the session early due to an error. Was continuing to the next bit. Put a temp fix in place, will push a proper one later.
2 comments
GSGBen
304 days ago
Still seems to have an issue, but no output before the crash. Will have to do some more debugging. Thanks for the test HN!
Source is here btw:
https://github.com/GSGBen/unsafehttp/blob/main/src/main.c
link
Retr0id
304 days ago
hotfixing httpd UAFs is peak HN spirit :)
link
Source is here btw: https://github.com/GSGBen/unsafehttp/blob/main/src/main.c