On Thu, 4 May 2017 23:36:23 +0300
Evgeny Grin wrote:
> Thanks! Applied.
>
Hello Evgeny,
After thinking about the issue, I guess that it is a serious
vulnerability.
I guess that a simple curl request to a server running 0.52 or 0.53 can
raise the SEGV.
IMHO if
curl http://www.myserver.org/
Thanks! Applied.
--
Best Wishes,
Evgeny Grin
On 04.05.2017 22:58, José Bollo wrote:
> When a connection upgrade is requested and when the
> request sent an error reply, the response is most of
> the time already sent when the test on
> connection->response->upgrade_handler is made, leading
> to
When a connection upgrade is requested and when the
request sent an error reply, the response is most of
the time already sent when the test on
connection->response->upgrade_handler is made, leading
to dereferencing NULL.
Two possibilities exist:
NULL == connection->response || NULL == connecti
