oss-sec mailing list archives
Re: siege: off-by-one in load_conf()
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 14 Jul 2015 13:11:52 -0700
On Tue, Jul 14, 2015 at 09:17:04PM +0200, Agostino Sarubbo wrote:
> Description: Siege is an http load testing and benchmarking utility. During the test of a webserver, I hit a segmentation fault. I recompiled siege with ASan and it clearly shows an off-by-one in load_conf(). The issue is reproducible without passing any arguments to the binary.
Does load_conf() process any information from any untrusted sources? Has Siege processed any data from the network at this point? This sounds like a regular bug rather than a security boundary, unless I've misunderstood the application.

Thanks