[UPH-07-01]
UnprotectedHex.com security advisory [07-01]
Discovered by nnp

Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007

Vulnerability class : Remote DoS

Affected product : mt-dappd/Firefly Media Server
Version : <= 0.2.4
Product details: 
www.fireflymediaserver.org/ 
'''
The purpose of this project is built the best server software to serve digital music to the Roku Soundbridge and iTunes; to be able to serve the widest variety of digital music content over the widest range of devices
'''

File/Function/line : webserver.c/ws_getheaders/631

Cause : Null pointer dereference. Any header that contains a line (not the first line) that does not contain a ':' will result in a null pointer dereference as strsep(&last, ':') will assign NULL to the variable 'last' and the code then attempts to dereference 'last'.

    strsep(&last,":");

    if(last==first) {
        DPRINTF(E_WARN,L_WS,"Thread %d: Invalid header: %s\n",
            pwsc->threadno,first);
    } else {
        while(*last==' ')
            last++;

Proof of concept code : Yes