Hello Purna, welcome to the list. :-) Could you try the MHD version 0.9.59? I'm not familiar with CentOS, but I think we can build latest MHD release easily from sources in that.
On Tue, May 22, 2018 at 3:30 AM, Purna Chandra Jena <purna.j...@gmail.com> wrote: > Hi, > > I am Purna from India. > I got this mailing list from libmicrohttpd info page and would like to > discuss with you about a crash that we are getting from libmicrohttpd > application during our security testing. > > Version we are using: libmicrohttpd-0.9.50-1.el7.centos.x86_64.rpm > <https://acos.alcatel-lucent.com/frs/download.php/36551/libmicrohttpd-0.9.50-1.el7.centos.x86_64.rpm> > > > Our application is using libmicrohttpd interface to receive http request. > When we are doing security testing on our application, we got a crash with > the following stack trace. > > Program received signal SIGSEGV, Segmentation fault. > > [Switching to Thread 0x7fff7279c700 (LWP 31873)] > > 0x00007ffff6add570 in MHD_http_unescape () from /lib64/libmicrohttpd.so.12 > > (gdb) bt > #0 0x00007ffff6add570 in MHD_http_unescape () from > /lib64/libmicrohttpd.so.12 > #1 0x00007ffff6ad6172 in MHD_connection_handle_idle () from > /lib64/libmicrohttpd.so.12 > #2 0x00007ffff6ad6c25 in call_handlers () from /lib64/libmicrohttpd.so.12 > #3 0x00007ffff6ad8d2e in MHD_handle_connection () from > /lib64/libmicrohttpd.so.12 > #4 0x00007ffff609ae25 in start_thread () from /lib64/libpthread.so.0 > #5 0x00007ffff5dc834d in clone () from /lib64/libc.so.6 > (gdb) > > Looking at the below statements, the crash is happening in method > *http_unescape*, possibly the webserver is trying to decode the received > messages which is not encoded already and its crashing I guess. Any > thoughts around this? > > > from google, i have seen that MHD_http_unescape () method is having > issues earlier, which is fixed in version 0.9.32. > > But we are still seeing this issue, even if we are using version 0.9.50. > > > Do you have any other suggestions for us to try out? > > > > Are we missing any other dependant library or configuration for > *libmicrohttpd*? > > Any help around this will be deeply appreciated. > > > -- > Regards > Purna > -- Silvio Clécio
