Weblog

25 February 2011, 13:01

A bug has been found in version 7.4 of the Hiawatha webserver, which could lead to a server crash. This is caused by an integer overflow in the routine that reads the HTTP request. A too big value of the Content-Length HTTP header leads to this overflow.

To fix the bug, replace

if (content_length < 0) {
at line 421 in hiawatha.c with
if ((content_length < 0) ||
    (INT_MAX - content_length - 2 <= header_length)) {
thomasba
25 February 2011, 14:06
I had to add:
#include <limits.h>
C-S
25 February 2011, 14:33
Thanks for the patch. I just updated the FreeBSD port with it.
cwadge
27 February 2011, 03:05
The Debian port is updated as well.
celilo
2 March 2011, 09:36
Arch package updated in AUR.