NCSA httpd buffer overflow

Date: Fri, 8 May 1998 01:33:26 -0700
From: Renos <renosm@YAHOO.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: NSCA HTTPD (for Windows) bug.

Well, it seems that I found a bug in NCSA's httpd v1.4 (for Windows).
The bug can cause the server to crash. The problem seems to be that
the server has MAX_STRING_LEN defined to 256 characters. So, when a
client's request is larger than 256 characters the server crases.
I tested it on a PC running Windows 3.11, wich I believe are more
stable than Win95, with W32s driver. I TELNETed into the server on
port 80 (using 127.0.0.1 as the IP address). Then using the 'GET'
command I insert more than 256 characters. The server crashed showing
a message asking the user to terminate the program. I haven't try it
yet on other PC, but the problem it's the MAX_STRING_LEN, so it
doesn't make any differents.
The server crashes showing no messages to the clients screen. In the
Access Log files the client's request seems like a normal request nad
Ididn't found anything on Error Log file.I even tested with a Web
Browser calling a file with more than 256 characters and I had the
same results.
Since the server is not for commercial use the bug doesn't seem to be
serious. A fix would be to re-define MAX_STRING_LEN to a much bigger
number. As far as I know the Server Administrator cannot re-define
MAX_STRING_LEN.
Greetings
Renos




_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com