CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/02/02 06:44:21

Modified files:
    usr.sbin/httpd : Tag: OPENBSD_7_7 server_http.c

Log message:
In server_read_httpchunks() do not blindly enable the bufferevent.
This leads to a use-after-free since the bev->readcb() call could free
the memory holding the bev right before the bufferevent_enable() call.
Reported by Pontus Stenetorp.
from clauio@; OK florian@ rsadowski@
this is errata/7.7/019_httpd.patch.sig
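
The ordering problem described in the log message, as an added C model that is neither httpd code nor the errata patch: struct bev, on_read, next_blind and next_checked are hypothetical names, and a live flag stands in for free() so the stale access is counted instead of executed. next_checked shows one defensive ordering and is an assumption; the committed fix may differ.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model, not httpd code: "live" stands in for heap ownership so
 * a stale access can be counted instead of dereferencing freed memory. */
struct bev {
    bool live, enabled;          /* live == false: object was released */
    int  buffered;               /* input bytes still waiting */
    bool last;                   /* this input completes the request */
    void (*readcb)(struct bev *);
};
static int stale_uses;

static void bev_enable(struct bev *b)
{
    if (!b->live) { stale_uses++; return; }  /* real code: use-after-free */
    b->enabled = true;
}

/* Read callback: may tear the connection down, else re-arms reading. */
static void on_read(struct bev *b)
{
    b->buffered = 0;
    if (b->last) b->live = false;            /* stands in for free() */
    else bev_enable(b);
}

/* Pattern named in the log: enable unconditionally after the callback. */
static void next_blind(struct bev *b)
{
    if (b->buffered) b->readcb(b);
    bev_enable(b);
}

/* Defensive form: once the callback has run, b is not touched again. */
static void next_checked(struct bev *b)
{
    if (b->buffered) { b->readcb(b); return; }
    bev_enable(b);
}

/* Returns -1 on a stale access, 1 if live and reading, 0 if released. */
static int run(void (*next)(struct bev *), int buffered, bool last)
{
    struct bev b = { .live = true, .buffered = buffered, .last = last, .readcb = on_read };
    stale_uses = 0;
    next(&b);
    return stale_uses ? -1 : (b.live && b.enabled);
}
int main(void) { printf("blind=%d checked=%d\n", run(next_blind, 8, true), run(next_checked, 8, true)); return 0; }
```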
