[pkg-lighttpd] Bug#857255: lighttpd: mod_scgi: out of bounds read in scgi_demux_response

Helmut Grohne helmut at subdivi.de
Thu Mar 9 12:42:04 UTC 2017


Control: tags -1 - security
Control: severity -1 minor

On Thu, Mar 09, 2017 at 11:08:36AM +0100, Stefan Bühler wrote:
> Since a buffer-API-refactoring some time ago all buffers should be
> NUL-terminated.  I.e. if `*c == '\n'` is true `c` must not point to the
> last character of the buffer.

Indeed. I originally found it in an older version and figured that it
should be reported as the mod_scgi.c source was unchanged in this
regard. I'm happy to hear that it doesn't affect current versions. I
understand that upgrading is recommended.

Helmut
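The reasoning in the quoted paragraph, as an added C example that is not part of this thread and is not lighttpd code: a one-byte lookahead after matching `'\n'` stays in bounds when the buffer carries a NUL terminator, while a length-checked scan does not depend on that guarantee. The function names and the header-terminator scan are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helpers for illustration; not taken from mod_scgi.c. */

/* Relies on the invariant from the thread: p is NUL-terminated, so when
 * *c == '\n' the byte c[1] is at worst the terminator, never past the end. */
size_t header_end_nul(const char *p) {
    for (const char *c = p; (c = strchr(c, '\n')) != NULL; c++) {
        if (c[1] == '\n')
            return (size_t)(c - p) + 2;
        /* c[2] is only read when c[1] is '\r', i.e. not the terminator. */
        if (c[1] == '\r' && c[2] == '\n')
            return (size_t)(c - p) + 3;
    }
    return 0; /* no blank line found */
}

/* Does not rely on a terminator: every lookahead is checked against len,
 * so it is also safe on buffers that predate the NUL-termination guarantee. */
size_t header_end_len(const char *p, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (p[i] != '\n')
            continue;
        if (i + 1 < len && p[i + 1] == '\n')
            return i + 2;
        if (i + 2 < len && p[i + 1] == '\r' && p[i + 2] == '\n')
            return i + 3;
    }
    return 0; /* no blank line found within len bytes */
}

int main(void) {
    /* Constructed input: '\n' is the last data byte and no NUL follows it. */
    const char raw[4] = { 'a', 'b', 'c', '\n' };
    return header_end_len(raw, sizeof raw) == 0 ? 0 : 1;
}
```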


