Package: libgcgi-dev
Severity: important
Tags: upstream

Dear Maintainer,

I have found a crashing bug in libgcgi, when used with Ubuntu 14.04, compiling 
with either gcc 4.84 or clang 3.4.

The bug appears when handling form data with the multipart/form-data encoding.

To demonstrate the bug, compile from source on the target system, and try 
running examples/gcgiFileUploadTest.
The programme will terminate with a segfault. I expect the same outcome on any 
reasonably modern system.
Compiling with -O0 allows the application to run, but either -O1 or -O2 shows 
the segfault.

The bug seems to be due to a mistake in src/mime.c, around line 442 in 
mimeParseContentDescription. The line

  for(q=text, *q != '\r' && q < offest; p++);

is clearly wrong, and should be 

  for(q=text; *q != '\r' && q < offset; q++);

The original leads to heap corruption, which causes a crash much later in 
unrelated parts of the code.

I don't know if the defect is exploitable beyond denial of service.

I can provide a minimal patch (the one byte change above), and a more extensive 
patch to clean up most of the other compiler warnings from clang 3.4.

-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 
'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-38-generic (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
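The report above concerns a header-scanning loop that walks a buffer looking for '\r' up to a bound. Below is an added example, not libgcgi code and not the reporter's patch, showing the bounded scan written so that the bound is tested before the byte is read, which is the order a reviewer would ask for so that a region with no '\r' in it cannot read past its end. The function names, the memchr-based variant and the sample header fragments are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not libgcgi code): return a pointer to the first '\r'
 * in [text, end), or end if the region contains none.  The bound check
 * comes first in the condition, so *q is never read when q == end. */
const char *find_cr(const char *text, const char *end)
{
    const char *q;
    for (q = text; q < end && *q != '\r'; q++)
        ;
    return q;
}

/* Same contract expressed with memchr, which is bounded by construction. */
const char *find_cr_memchr(const char *text, const char *end)
{
    const char *hit = memchr(text, '\r', (size_t)(end - text));
    return hit ? hit : end;
}

/* Length of the header line before the CR; equals len when no CR exists,
 * which the caller must treat as "line not terminated", not as an error
 * that was silently read past. */
size_t header_line_len(const char *text, size_t len)
{
    return (size_t)(find_cr(text, text + len) - text);
}

int main(void)
{
    /* Constructed multipart header fragment with a CRLF terminator. */
    static const char hdr[] = "Content-Type: text/plain\r\nbody";
    /* Constructed fragment whose line is not terminated at all. */
    static const char trunc[] = "Content-Type: text/plain";

    printf("terminated line length:   %zu\n",
           header_line_len(hdr, sizeof hdr - 1));
    printf("unterminated line length: %zu (== region length)\n",
           header_line_len(trunc, sizeof trunc - 1));
    return 0;
}
```

The second case is the one that matters for the report: with the bound checked first, an unterminated header yields the region length and nothing outside the buffer is touched, so the caller can reject the input instead of corrupting the heap.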
