Package: siege
Version: 2.61-1
Severity: normal
Tags: patch
Multiple bugs. First about not having understood how HTTP headers are
contructed ("=" instead of ":" as separator). Checking the validity of
values is, of course, beyond the thought anyway.
--- siege_orig/siege-2.61/src/http.c 2004-11-19 15:47:21.000000000
+0100
+++ siege/siege-2.61/src/http.c 2005-09-19 17:47:18.119287505 +0200
@@ -374,7 +374,11 @@
else{
h->auth.type.proxy = BASIC;
}
- tmp = strchr( line, '=' );
+ tmp = strchr( line, ':' );
+ if (tmp == NULL) {
+ printf("I shat myself so hard..\n");
+ return NULL;
+ }
tmp++;
if( tmp[0] == '"' ){ tmp++; tmp[strlen(tmp)-1] = '\0'; }
strncpy( h->auth.realm.proxy, tmp, strlen( tmp ));
And in hash.c we're also back to not checking bloody values.
--- siege_orig/siege-2.61/src/hash.c 2003-07-09 22:22:38.000000000
+0200
+++ siege/siege-2.61/src/hash.c 2005-09-19 18:04:19.990104391 +0200
@@ -182,6 +182,7 @@
int x;
NODE *node;
+ if (key == NULL) { return 1; }
x = hash_genkey( this->size, key );
for( node = this->table[x]; node != NULL; node = node->next ){
if( !strcmp( node->key, key )){
cheers,
&rw
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages siege depends on:
ii libc6 2.3.5-4 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
