On Wed, Jul 12, 2023 at 06:37:28AM -0600, Theo Buehler wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2023/07/12 06:37:28 > > Modified files: > usr.sbin/httpd : httpd.h server.c server_fcgi.c > > Log message: > Work around use after free in httpd(8) > > A malformed HTTP request can cause httpd in fastcgi mode to crash due to a > use-after-free. This is an awful hack, but it's good enough until someone > figures out the correct way of dealing with server_close() here. > > "this will do the trick for now" claudio > ok beck deraadt >
This was reported a while ago by Jesper Wallin <jesper () ifconfig.se>
