Andrew Bishop WWWOFFLE Negative Content-Length Buffer Overflow Vulnerability

Andrew Bishop WWWOFFLE Negative Content-Length Buffer Overflow Vulnerability

Solution:
The following patch was also submitted by qitest1 <qitest1@bespin.org>:
==8< wwwoffle-2.7b.patch
- --- wwwoffle-2.7b-old/src/parse.c Sat Mar 23 15:28:36 2002
+++ wwwoffle-2.7b/src/parse.c Fri Jul 12 16:52:46 2002
@@ -180,7 +180,7 @@
if(!strcmp("POST",(*request_head)->method) ||
!strcmp("PUT",(*request_head)->method))
{
- - if(length==-1)
+ if(length < 0)
{free(url);return(NULL);}

*request_body=CreateBody(length);
==8<

Fixes are available:

Andrew Bishop WWWOFFLE 2.6 b

SuSE wwwoffle-2.6b-63.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wwwoffle-2.6b-63.i386.r pm

Andrew Bishop WWWOFFLE 2.6

SuSE wwwoffle-2.6-18.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wwwoffle-2.6-18.sparc. rpm

SuSE wwwoffle-2.6-20.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wwwoffle-2.6-20.i386.rp m

SuSE wwwoffle-2.6-24.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wwwoffle-2.6-24.ppc.rpm

SuSE wwwoffle-2.6-26.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wwwoffle-2.6-26.alpha.rp m

Andrew Bishop WWWOFFLE 2.6 d

SuSE wwwoffle-2.6d-207.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wwwoffle-2.6d-207.ppc.rp m

SuSE wwwoffle-2.6d-298.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wwwoffle-2.6d-298.i386. rpm

SuSE wwwoffle-2.6d-300.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/wwwoffle-2.6d-300.i386. patch.rpm

SuSE wwwoffle-2.6d-300.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/wwwoffle-2.6d-300.i386. rpm

Andrew Bishop WWWOFFLE 2.7 b

Andrew Bishop wwwoffle-2.7c.tgz
ftp://ftp.demon.co.uk/pub/unix/httpd/wwwoffle-2.7c.tgz

Andrew Bishop WWWOFFLE 2.7

Andrew Bishop wwwoffle-2.7c.tgz
ftp://ftp.demon.co.uk/pub/unix/httpd/wwwoffle-2.7c.tgz

Andrew Bishop WWWOFFLE 2.7 a

Andrew Bishop wwwoffle-2.7c.tgz
ftp://ftp.demon.co.uk/pub/unix/httpd/wwwoffle-2.7c.tgz