babelouest / ulfius

Web Framework to build REST APIs, Webservices or any HTTP endpoint in C language. Can stream large amount of data, integrate JSON data with Jansson, and create websocket services
https://babelouest.github.io/ulfius
GNU Lesser General Public License v2.1

[Issue] A use-after-free bug in src/ulfius.c #262

Closed ShangzhiXu closed 1 year ago

ShangzhiXu commented 1 year ago

Describe the issue: I found a UAF bug in ulfius.c, in the function ulfius_webservice_dispatcher.

To Reproduce: Found it by static analysis~

Expected behavior: In function ulfius_webservice_dispatcher at line 628, o_free(response); will be called, but after that there are many uses of the variable response. I'm wondering if it might lead to some UAF bugs.


babelouest commented 1 year ago

Thanks, it's fixed in https://github.com/babelouest/ulfius/commit/c5da4b2fb700acf18761d4c2ded352c052b9861b
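The pattern reported in this issue (a pointer freed in an error branch, then used again later in the same function) is shown below next to a hardened form. This is an added example, not code from ulfius or from the linked commit; `struct resp`, `resp_init`, `resp_release` and both `dispatch_*` functions are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not ulfius types or functions. */
struct resp { int status; char *body; };

static int released; /* counts completed releases, so a test can check for exactly one */

static int resp_init(struct resp *r, int fail) {
    if (fail) return -1;          /* simulated initialisation failure */
    r->status = 200;
    r->body = NULL;
    return 0;
}

/* Free the response and clear the caller's pointer; safe to call twice. */
static void resp_release(struct resp **pr) {
    if (pr == NULL || *pr == NULL) return;
    free((*pr)->body);
    free(*pr);
    *pr = NULL;
    released++;
}

/* Reported shape: the error branch frees r, then the shared exit path uses it. */
int dispatch_vulnerable(int fail_init) {
    int ret = 0;
    struct resp *r = malloc(sizeof *r);
    if (r == NULL) return -1;
    if (resp_init(r, fail_init) != 0) {
        free(r);                  /* r dangles from here on */
        ret = -1;
    }
    resp_release(&r);             /* on failure: reads freed r->body, frees r twice */
    return ret;
}

/* Hardened shape: one release routine that nulls the pointer it frees. */
int dispatch_hardened(int fail_init) {
    int ret = 0;
    struct resp *r = malloc(sizeof *r);
    if (r == NULL) return -1;
    if (resp_init(r, fail_init) != 0) {
        r->body = NULL;           /* init failed, so make the struct safe to release */
        resp_release(&r);         /* r is NULL afterwards */
        ret = -1;
    }
    resp_release(&r);             /* no-op when r was already released */
    return ret;
}
```

Building with `-fsanitize=address` and calling `dispatch_vulnerable(1)` makes the sanitizer report the access to freed memory; `dispatch_hardened(1)` releases the object exactly once.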