libmicrohttpd 0.9.59 crash
zhangxinlong633 opened this issue · comments
Hi
I'm use ulfius rest api server. and it use libmicrohttpd 0.9.59 in centos8.2.
when nessus scanning my servers, I have five servers, all crash. backtrace is similar.
backtrace like this:
(gdb) bt
#0 0x00007f7d53032af1 in free () from /lib64/libc.so.6
#1 0x00007f7d52561dc5 in free_unmarked () from /lib64/libmicrohttpd.so.12
#2 0x00007f7d52562c86 in MHD_destroy_post_processor () from /lib64/libmicrohttpd.so.12
#3 0x00007f7d54de98f6 in mhd_request_completed () from /usr/local/lib/libulfius.so
#4 0x00007f7d52553f60 in MHD_connection_close_ () from /lib64/libmicrohttpd.so.12
#5 0x00007f7d5255404b in process_header_line () from /lib64/libmicrohttpd.so.12
#6 0x00007f7d52555cbf in MHD_connection_handle_idle () from /lib64/libmicrohttpd.so.12
#7 0x00007f7d52557ade in call_handlers () from /lib64/libmicrohttpd.so.12
#8 0x00007f7d5255b115 in thread_main_handle_connection () from /lib64/libmicrohttpd.so.12
#9 0x00007f7d533772de in start_thread () from /lib64/libpthread.so.0
#10 0x00007f7d530a8e83 in clone () from /lib64/libc.so.6
Can I upgrade libmicrohttpd from 0.9.59 to 0.9.71 to solve this problem? or 0.9.71 also will be crash?
I can't run nessus again, because of nessus in product env. I don't have permission to run this software.
Version 0.9.59 is too old and is know to have bugs which are fixed later.
I suggest to update to the latest version 0.9.72. You can easily build it from sources.
thanks for reply. But I can't find 0.9.72 from tags, 0.9.71 is latest. Can I use this version ?
Tags have been updated, however it's recommended to always download release tarball from the official FTP: https://ftp.gnu.org/gnu/libmicrohttpd/
The direct link to the version 0.9.72: https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.72.tar.gz
I don't recommend to use version 0.9.71 as version 0.9.72 contains many improvements and fixes.
thanks.