There is a logical defect that causes a denial of service vulnerability

[zztytu]

src/http.c lines 156-165:

        if(compare_string_const(&protocol, C_HTTP[1])) {
            request->version = V1_1;
        }
        else if(compare_string_const(&protocol, C_HTTP[0])) {
            request->version = V1_0;
        }
        else {
            message_log("HTTP version unsupported", DEBUG);
            request->status = HTTP_VERSION_NOT_SUPPORTED;
        }

Code parses the version information in the HTTP protocol and assigns it to request->version，If the version is not 1.0/1.1, the value is unknown src/http.c lines 204-206:

int process_http_request(s_http_request *request, s_http_response *response) {

    response->version = request->version;

response->version will be unkown if the version is not 1.0/1.1 src/http.c lines 324-330:

s_string generate_bare_header(s_http_response *response) {
    s_string result;

    result.length = 0;
    result.position = NULL;

    const char *protocol = C_HTTP[response->version];

The code does not check the value of response->version, so it will access the memory area that does not exist in C_HTTP.For example,if the attacker sends the following message, the current process of the program will crash.

GET /test HTTP/1.9
Host: 127.0.0.1:9000
User-Agent: curl/7.64.0
Accept: */*
Connection: close

After sending multiple malicious requests, the program will be denied service due to all worker crashes

[Glorf]

Thanks for opening this issue! As you may see, the project is currently hold (but definitely not dead) I'll certainly address this issue when I'll have more time. If you want to use LEAR, and to have this issue fixed fast, consider opening pull request. I'm eager to help with that