Shaun2k2 Palmhttpd Server Remote Denial of Service Vulnerability

Solution:
The vendor has released the following patch to address this issue:
---httpd.patch
--- httpd.c 2004-01-14 17:21:41.000000000 +0000
+++ httpd.1.c 2004-02-08 17:13:33.000000000 +0000
@@ -391,8 +391,15 @@
NetLibAddrINToA(AppNetRefnum,
ifinfo.param.interfaceInfo.ipAddr, host);
printf("Listening on %s\n", host);

- while (1) {
- if (f) {
+ /* Here is where the bug manifests: PalmOS can
only take 1 client
+ * connection (according to even the PalmOS
programming documentation),
+ * but this loop accept()s connections forever.
The loop is now commented
+ * out, fixing the bug.
+ * -Shaun2k2
+ */
+
+ /*while (1) {*/
+ if (f) {
xclose(f);
f = NULL;
}
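Review bot: Commenting out `while (1) {` turns the accept path into a single pass, so the added comment's constraint (PalmOS can only take 1 client connection) is met by making the server one-shot rather than by limiting it to one client at a time. If the intent is to serve clients one after another, keep the loop and make sure the previous connection is fully closed before the next accept(), which the existing `if (f) { xclose(f); f = NULL; }` at the top of the body already appears to be there for. If a single pass is intended, delete the `while` line instead of leaving it as `/*while (1) {*/`, re-indent the body, and reword the comment to state the constraint rather than the history of the change ("The loop is now commented out" belongs in the commit message).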
@@ -507,7 +514,7 @@
}

printf("stopped\n");
-}
+/*}*/

char html0[] = "HTTP/1.0 200 OK\nMIME-version:
1.0\nContent-type: %s\n\n";
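Review bot: The `/*}*/` here is the other half of the commented-out `while (1) {` from the first hunk, more than a hundred lines away, and nothing in the code ties the two together, so reverting or editing either one alone leaves the braces unbalanced. Remove both lines outright rather than commenting them out. Also note that `printf("stopped\n");` is unchanged and now runs after the first and only pass, so check that whatever follows this point still behaves correctly when reached after a single connection.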
---



 

Copyright 2010, SecurityFocus