libmicrohttpd 0.9.59 crash

[zhangxinlong633]

Hi I'm use ulfius rest api server. and it use libmicrohttpd 0.9.59 in centos8.2. when nessus scanning my servers, I have five servers, all crash. backtrace is similar. backtrace like this:

(gdb) bt
#0  0x00007f7d53032af1 in free () from /lib64/libc.so.6
#1  0x00007f7d52561dc5 in free_unmarked () from /lib64/libmicrohttpd.so.12
#2  0x00007f7d52562c86 in MHD_destroy_post_processor () from /lib64/libmicrohttpd.so.12
#3  0x00007f7d54de98f6 in mhd_request_completed () from /usr/local/lib/libulfius.so
#4  0x00007f7d52553f60 in MHD_connection_close_ () from /lib64/libmicrohttpd.so.12
#5  0x00007f7d5255404b in process_header_line () from /lib64/libmicrohttpd.so.12
#6  0x00007f7d52555cbf in MHD_connection_handle_idle () from /lib64/libmicrohttpd.so.12
#7  0x00007f7d52557ade in call_handlers () from /lib64/libmicrohttpd.so.12
#8  0x00007f7d5255b115 in thread_main_handle_connection () from /lib64/libmicrohttpd.so.12
#9  0x00007f7d533772de in start_thread () from /lib64/libpthread.so.0
#10 0x00007f7d530a8e83 in clone () from /lib64/libc.so.6

Can I upgrade libmicrohttpd from 0.9.59 to 0.9.71 to solve this problem? or 0.9.71 also will be crash? I can't run nessus again, because of nessus in product env. I don't have permission to run this software.

[Karlson2k]

Version 0.9.59 is too old and is know to have bugs which are fixed later.

I suggest to update to the latest version 0.9.72. You can easily build it from sources.

[zhangxinlong633]

thanks for reply. But I can't find 0.9.72 from tags, 0.9.71 is latest. Can I use this version ?

[Karlson2k]

Tags have been updated, however it's recommended to always download release tarball from the official FTP: https://ftp.gnu.org/gnu/libmicrohttpd/

The direct link to the version 0.9.72: https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.72.tar.gz

I don't recommend to use version 0.9.71 as version 0.9.72 contains many improvements and fixes.

[zhangxinlong633]

thanks.