We're an OEM and design and build a headless device which uses Windows
CE 5.0. The device is controlled by a PXA270 host processor; and our
BSP is a port of the MAINSTONEII BSP. Our Windows CE 5.0 is updated
through the end of 2009, having applied the "Windows CE 5.0 Cumulative
Product Update Rollup 2009". The device uses the web server technology
(ISAPI and ASP/JScript) Microsoft provides with Windows CE to serve
status as well as provide a remote control interface.

During a validation cycle, several devices which were connected to our
company network were inadvertently hit by a random vulnerability scan
run by our network services department. The devices hit by the scan
would no longer respond over their web interface; it was later
determined that a thread in the web server (httpd.dll) had experienced
a Data Abort.

The root cause of this Data Abort was an embedded NULL in the request
headers. Httpd.dll would Data Abort on line 293 in isapi.cpp. The
CHttpRequest::GetServerVariable() method assumes properly terminated
headers and a properly terminated header block; calls to strstr()
assume CRLF would be found and a valid pointer returned. The CRLF
search string is not found; and the NULL pointer returned is adjusted
to point beyond the search string and is then dereferenced, thus
causing the Data Abort.

A quick search of the PRIVATE/SERVERS/HTTP common source tree found
five (5) suspect calls to strstr() that do not check for a NULL
pointer before dereferencing or adjusting and dereferencing the

Almost two years ago, we needed to customize interrupt handling within
the kernel and cloned the processor specific INTR project from within
PLATFORM/COMMON for our use. The common source under the PRIVATE/
SERVERS/HTTP tree is a bit more complex; it's not clear how to clone
the projects that build HTTPISAPI.lib and HTTPFILT.lib so we can
correct the bugs found in isapi.cpp and callback.cpp and integrate our
built libraries back into the final stage when httpd.dll is built.

Any suggestions on how to clone these projects the "correct" way?
Or a way that works? Any thoughts on this matter are much

Thank you in advance for your response,
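
The unchecked strstr() pattern the post describes, next to a length-bounded lookup that rejects an embedded NUL and checks for a missing CRLF before any pointer adjustment. This is an added example, not part of the original post and not Microsoft's httpd source; the function names and return codes are hypothetical, and the header name match is case-sensitive for brevity.

```c
#include <stddef.h>
#include <string.h>

/* Unchecked pattern as the post describes it (constructed, not Microsoft's
 * source): strstr() stops at an embedded NUL, returns NULL when no CRLF
 * follows, and the adjusted pointer is then dereferenced. */
char next_line_first_char_unchecked(const char *hdrs)
{
    const char *eol = strstr(hdrs, "\r\n");
    return *(eol + 2);                 /* faults when eol == NULL */
}

/* Bounded search for CRLF in [p, end); returns NULL if absent. */
static const char *find_crlf(const char *p, const char *end)
{
    for (; end - p >= 2; p++)
        if (p[0] == '\r' && p[1] == '\n')
            return p;
    return NULL;
}

/* Hardened lookup: copies the value of header `name` into out.
 * Returns 0 on success, -1 for a malformed block (embedded NUL or a
 * line without CRLF), -2 if the header is absent or out is too small. */
int get_header_checked(const char *buf, size_t len, const char *name,
                       char *out, size_t outlen)
{
    const char *p = buf, *end = buf + len;
    size_t nlen = strlen(name);

    if (memchr(buf, '\0', len) != NULL)
        return -1;                     /* reject instead of truncating */
    while (p < end) {
        const char *eol = find_crlf(p, end);
        if (eol == NULL)
            return -1;                 /* check before any pointer math */
        if ((size_t)(eol - p) > nlen && p[nlen] == ':' &&
            memcmp(p, name, nlen) == 0) {
            const char *v = p + nlen + 1;
            while (v < eol && *v == ' ')
                v++;
            if ((size_t)(eol - v) >= outlen)
                return -2;
            memcpy(out, v, (size_t)(eol - v));
            out[eol - v] = '\0';
            return 0;
        }
        p = eol + 2;
    }
    return -2;
}
```

The checked function takes the received byte count rather than relying on a terminator, so a NUL inside the header block is seen as malformed input instead of silently ending the search.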