That was fast! I have to say thank you. Best wishes Markus
-------- Weitergeleitete Nachricht -------- Von: Christian Grothoff <groth...@gnunet.org> Antwort an: libmicrohttpd development and user mailinglist < libmicrohttpd@gnu.org> An: libmicrohttpd@gnu.org Betreff: Re: [libmicrohttpd] libmicrohttpd 0.9.71 released Datum: Fri, 11 Sep 2020 22:09:46 +0200 Hi Markus, Thanks for reporting, fixed in c7fce141..16c13329. Happy hacking! -Christian On 9/11/20 2:04 PM, Markus Doppelbauer wrote: > Hello, > The percent-encoded post-processor (current git ) segfaults.ASAN > reports: global-buffer-overflowA testcase is attached. > Best wishesMarkus > > > -------- Weitergeleitete Nachricht --------*Von*: Christian Grothoff > <groth...@gnunet.org > <mailto:christian%20grothoff%20%3cgroth...@gnunet.org%3e>>*Antwort > an*: libmicrohttpd development and user mailinglist< > libmicrohttpd@gnu.org > <mailto: > libmicrohttpd%20development%20and%20user%20mailinglist%20%3clibmicroht...@gnu.org > %3e>>*An*: libmicrohttpd <libmicrohttpd@gnu.org > <mailto:libmicrohttpd%20%3clibmicroht...@gnu.org%3e>>*Betreff*: > [libmicrohttpd] libmicrohttpd 0.9.71 released*Datum*: Sun, 28 Jun > 2020 22:04:49 +0200 > Dear all, > > I'm happy to announce the release of GNU libmicrohttpd 0.9.71. > > This release fixes a potential buffer overflow and is thus considered > a > security release. Please upgrade as soon as possible. Thanks to > Nicolas > Mora for finding and reporting the issue. > > Additionally, the release fixes the following issues: > > * Proper uncorking with GnuTLS to ensure 'last bytes' are > transmitted over TLS connections even if we are congested > * Fixes wrong values returned by PostProcessor given certain > parser boundaries > * Improved documentation, fixed spelling mistakes > * Fixed several socket handling issues on OS X > > Furthermore, the release introduces an 'enum MHD_Result' instead of > #defines for MHD_YES/MHD_NO. This is intended to make it easier to > check > for certain API misuse bugs by providing better types (not everything > is > an 'int'). While this does NOT change the binary API, this change > _will_ cause compiler warnings for all legacy code -- until 'int' is > replaced with 'enum MHD_Result'. > > If you want your code to build without warnings on both older and > newer > MHD releases, you may want to introduce a MHD_RESULT as done here: > > https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.h > > > > That said, this being a security release it may be a good time to not > build nicely against older versions. > > > Happy hacking! > > Christian >
