Re: apache chunked encoding

From: David Bernick (bernzat_private)
Date: Thu Jun 20 2002 - 12:48:53 PDT


    >I was playing a bit with chunked encoding vulnerability and found the
    >following. When I send a request to Apache 1.3.24 using malformed
    >chunked encoding, httpd process goes into infinite loop and CPU load
    >grows to 100%. Example:
    >  
    >
    I've tried it with 1.3.23 - 1.3.26 on Linux on both X86 and Alpha.
    With 5000 'A' characters, a segmentation fault is spawned from a child 
    process.
    [Thu Jun 20 20:05:31 2002] [notice] child pid 27769 exit signal Segmentation fault (11)
    
    This uses SOME resources, but nothing alarming. Putting a larger array 
    of characters, let's say 9000, throws
    xxx.xx.xx.xx - - [20/Jun/2002:20:10:07 -0400] "POST http://xxxxxx.xxx HTTP/1.1" 400 59 "-" "-"
    
    If I put your code into a loop, it uses up tons of resources on the 
    target server, but a single request does very little, at least on my end.
    
    d
    
    -- 
    David Bernick
    bernzat_private
    
    Any excuse will serve a tyrant.
    		-- Aesop
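
Added example, not part of the original message: a small detector that scans an Apache error_log for the child-crash notice quoted above and flags minutes in which several children died on SIGSEGV, which is how the looped requests the message describes would show up. The threshold, function names and all sample lines except the first are assumptions made for the example; it expects each notice on a single line, as in the real log file.

```python
import re
from collections import Counter
from datetime import datetime

# Apache 1.3 error_log notice written when a child dies on a signal,
# in the format quoted in the message above.
CHILD_EXIT = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
    r"exit signal (?P<name>.+?) \((?P<num>\d+)\)"
)

def parse_child_exits(lines):
    """Yield (timestamp, pid, signal_number) for each child-exit notice."""
    for line in lines:
        m = CHILD_EXIT.match(line.strip())
        if not m:
            continue  # ordinary [error]/[notice] lines are ignored
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        yield ts, int(m.group("pid")), int(m.group("num"))

def crash_bursts(lines, signal_num=11, threshold=3):
    """Return {minute: count} for minutes with >= threshold child crashes."""
    per_minute = Counter(
        ts.replace(second=0)
        for ts, _pid, num in parse_child_exits(lines)
        if num == signal_num
    )
    return {minute: n for minute, n in per_minute.items() if n >= threshold}

# Constructed sample: the first line is the one from the message,
# the remaining lines are made up for this example.
SAMPLE_ERROR_LOG = """\
[Thu Jun 20 20:05:31 2002] [notice] child pid 27769 exit signal Segmentation fault (11)
[Thu Jun 20 20:07:02 2002] [notice] child pid 27801 exit signal Segmentation fault (11)
[Thu Jun 20 20:07:15 2002] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Thu Jun 20 20:07:19 2002] [notice] child pid 27802 exit signal Segmentation fault (11)
[Thu Jun 20 20:07:44 2002] [notice] child pid 27805 exit signal Segmentation fault (11)
[Thu Jun 20 20:09:00 2002] [notice] child pid 27810 exit signal Bus error (7)
""".splitlines()

if __name__ == "__main__":
    for minute, n in sorted(crash_bursts(SAMPLE_ERROR_LOG).items()):
        print(f"{minute:%Y-%m-%d %H:%M}  {n} child segfaults")
```

A single crash, like the one in the message, stays below the default threshold; only the repeated crashes within one minute are reported.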
    


