Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Dos privoxy users with css history hack.
Posted by: Foo
Date: March 31, 2007 01:36PM

I was just playing with Rsnake's history hack and I noticed that it crashes privoxy 3.0.3 when $sites is over (about) 65.

It looks like it hits some kind of length limit at list.c
Here is error message from privoxy.
privoxy: list.c:339: enlist: Assertion `list_is_valid(the_list)' failed.

source of list.c
http://www.google.com/codesearch?hl=en&q=show:fill6GOOqXg:FoYDbrtX5Rs:DBA2sjsoyWg&sa=N&ct=rd&cs_p=http://tor.eff.org/dist/privoxy-3.0.3-2-stable.src.tar.gz&cs_f=privoxy-3.0.3-stable/./list.c

Cheers

Foo

Options: ReplyQuote
Re: Dos privoxy users with css history hack.
Posted by: rsnake
Date: March 31, 2007 06:36PM

Interesting! That could be mitigated by adding a meta refresh to test 60 or so at a time, but it's interesting to note how easy it is to crash a plugin. What exactly happens when it crashes?

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Dos privoxy users with css history hack.
Posted by: Foo
Date: April 01, 2007 02:25PM

Privoxy just dies quietly (slackware 11)and user gets only plank page in the browser, nothing in logs etc, and you can't even look page source because nothing comes thru privoxy to the browser. Only bit of info shown to user is this "privoxy: list.c:339: enlist: Assertion `list_is_valid(the_list)' failed." in shell.

Options: ReplyQuote


Sorry, only registered users may post in this forum.