lighttpd -- remote DoS in header parsing

ID 1CD3CA42-33E6-11E2-A255-5404A67EEF98
Type freebsd
Reporter FreeBSD
Modified 2012-11-17T00:00:00


Lighttpd security advisory reports:

Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading the ',' again and again. This bug was introduced in 1.4.31, when we fixed an "invalid read" bug (it would try to read the byte before the string if it started with ',', although the value wasn't actually used).