This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

naxsi segfaults on long urls #178

Closed
rogerthat opened this issue Mar 22, 2015 · 4 comments

@rogerthat

naxsi - versions tested: 0.53-1 + 0.54rc0
nginx: 1.6.2

while fuzzing nginx/naxsi i found naxsi to kill its nginx-worker-process when fed with long/random urls. nginx w/out naxsi works quite fine.

this is the curl-command:

curl -v http://localhost:1234/RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/[long random stuff here]

  • About to connect() to localhost port 1234 (#0)
  • Trying ::1...
  • Connection refused
  • Trying 127.0.0.1...
  • connected
  • Connected to localhost (127.0.0.1) port 1234 (#0)

    GET /RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/GHMjmX551MaZ703Zgik2hfRuJABMShON/Z5wR2X5bFir5PycE5FFVoFHmfx8QNL4V/943CsQz2dYBV33Z9jiZYnZ5EejAlkEO4/uYTS41BdplwAOUDB0xn9ClFmDZsr7tRZ/wTLei0OHtlrZR8bxfK2LDwIF8OMH3WZE/w3kvyBve0dpjW3x9xoqg748ZjebaQdy8/Bx85uPeiwDtoQrj3oFP2dRnj73iyiLt3/iY1oSOihQC4ulhrGd2YprEp08T3FH0kQ/hh6z5gOUuqli4hh5HIaeP6GVGiiONZLj/CofGwbvn3Ykmi7mbFL6k4pMMgQaFSMvB/mz3nZHp8DhDQTl387vv7P1wcdBKvujfe/EJYiTbfJd9WVYcmdnqKLXiFpF6Kr0biw/G9nSg0ZN4yftaumTdGXntboyZT2iJvqe/2etvNYUSpPTJdWGQGkCFDw9Yn6P8bG0t/1hvs9ktzfaAgWil0I0wolt24rft67Whs/fpOeIopoVz2YA10ricpFi7c1n1uhKPOM/XscwrENSml68eZWoLDCNNPMxtSZa07er/fEnANOa73wuHAXRmh9waM2n8nbaWB8lr/lIyImkx0q8K1tMepBI6OTjNAzTfPPveX/sReJanUiHGNmrA5DD8OcCMhQWakdTVd6/ctGF1f1f8i8zxZ4ayGPHdER9xdQmGYIj/ZpYUJz0hneOW0uCpmcnDdiBb2chRzd2j/IRK4BKje7lMTIk54cTShUng3M2J9j4ae/jfC9Z3wxSqrOm41ntbPh4FKs4DCGl4X3/fwfYfvDWvJBos5JmKbelHDwycUIA0iPj/VbArpVN5jTpqyNsGJT5rMRnEdvfHCdO9/TjZfWMSN47NIxbnFCqDOIDkFLwxrxJ6n/mkacRmKU9bUetg5ZZWplW40jmbst9W91/9UdszxKPDe1kIvwP9MJXVB5TFO4PoM45/cKaB0uHe5XYs4VRvi0SC3Ezt1XjBDrsT/xsjasaATxxGtf7aPdvweU4Fhfkcj8RqQ/KVSArfJaLokxKvZJa6DnRv86FZBfjyPp/zRAuwgCqKxMBFQccsN6kz2gQQbn6M2OR/UCBdRksWkIbbI6xu6g3cEC6I4RS0blhC/IYsGGwHs2xDaso9nUZa6itgzVYB2jqGG/awACcJnUKyrr30iIe00nDCCsbWisNS9j/KtJ28OnSy1AgZGWm1zGJfHZ1L25lMryz/WccLtXBQSw9lgnZYlI4HL0Fcvo0xg0VV/4bAURVacvcMWsWH0OeBITjNr4pZHy1ev/DUYNBjRFOrlZ0729b8tnnFPOcWfs6oPo/5MGXyTTMKmsfBJREKJ57L0kzsJLNqBJZ/BggReuhQlZvIOZ3V4oyzja8ffYTea1YM/evjFx6vVxbTHkAkiXyxF9961azP5kRaE/qUsuvNZOuASzvjeufYK0ED1yDpoM18yr/d9M5aMssXJ5NIqeOcr1zNlnnOJCHozvR/iff1NofjukyuQHE1nzkFy4fKyWpcWwTJ/K6OXsgUeiPMoJH4ahKc32TAJVaCOMF2b/Qx9OMg3mGLgGWFMJwX7NCIAvAjknHCMC/MrZfhxQk4Y05wOc8WU43r4DNuANXEU6W/41wneSCeolVguxfuaRv0qR2IRcKyxnqJ/5kx4glclwR9pKqcY1XNmgyoFC3aAYQ64/dRIOuzBuAATyTsZunC7dRhSqOYB6MX3v/1L9m8gHnKYmSvlN9tTVc9N1eok33lh72/Nfl5SSttMNwsmJ9Va0cpzkhNh3MTlYxU/v84mzMslmeieOct17yUTBXDOyI7ztdaY/C038inDtbZY6cEtM2A09NC89fRNMa1nZ/1oWGjLTcCqx0tEH8ZV6GnL8eXEKbQeUq/PrnlePb9Je7jL1QCwMdgm3L8qFrn6q1e/iqUJJk67hgZhJWmIRyCok9BUqEeaXka4/7y1FF0WGB41
c6QPDfBfCoBzPo7GZTXcL/hLgm8mS6NM2ZQGQoHftOno2KRXxz6Cax/37RYU50Mt7tiojooI2RGQ5ZaYr5b8Yp6/qD0Q4gXaVoSPcASmKjiTYeAcEWRxoBLU/SrZoCOHkJ745oCIeq6RgbFKXkDbMR41Q/vbqDdUtKwxXV8l0rN6wsAzwkHhQSPUvJ/WgMBMQeMYQOkLoOKEh2zCi8RYsG0B4bk/4CDcr2AFd2VgD9p2e3myTfztts83Wi6R/so6KZFe5hedSwBtjPH52b4g8em5uCpbI/7Rewp9X5dOc5s0ZUPGNN5qCLVeHodsD6/f1YXMjXNXrEYGJyQB6w9aMSzRFCvNopf/hPlfwl7xqrZ9tZzQoA6pFsV8YAgsJOic/BzvocMhJysrZUdlKYd5z1U0f8GTZll3K/csVO0kT1oVIvVTu77J7aJdvgSuPUKJG5/QOmgDvbZM7rmbGCzWSKUYVDQOwdw6vWz/lYVkxkP7KfOWfhA0EHn6mYl9Z7Ydsz8g/vaU0FEeTaug5QQOoNIkuHSIql2pMhi2A/ztAvv63ICXHMBhIz4ODhuirdfFCjEi7u/STEwVjyoFzVLAvWIVqDCaesSMTXwMcnc/tEy0ti1eO2YbER49AqbEFZHcWjNCLdTb/XnQOK5oG56lK3FDPu7IiNwcd3IHaXsqb/Z1LA8fATilAhBLzao0QRREQFoVVLUSzR/HJuOpV4pc3UbI9BrlxpKb4MH5HygSSJr/2C9u069p51S4f8QrFnl07tWIlHmCsdGl/dNJHadU8ZRQru4X4fhPfM8igItp38uX3/LvDeJiUhQwgQzoB1Qv2NHqsOGkteoHQU/BS0ckq1A2PKLMTttvfjydpHtPgeassh3/NRr6JTdrESraBIcarAyYMbsjMWmo2cmj/UhNbOYwLgfn2k9IIlnYX1y887tSk2gtC/v9FtGi3GBODP62s9ynQ1J1VBC2E5sSFK/rl7DP7fbSpyxXlKmbpSkx1Apo9RHc40I/hPQp6mVDdpoa8zyyoOcovvQNC5hI8OXx/wtVoQq1cg5hka45aa6Do9q0zYSLY7S4f/Ol83EEYWDHsiIp9lwVWq1SD6KaOc9Y5n/24bokb5wcXO6MMLPdzaunGB4QElf7NAI/ZnJb7N3OB2xP7iJIIrjQGPDhnGENigH8/xEQ9ZtcJEALBlXNUtuI3nenGvPDYXULC/G37GmfjO196GL8zsfw5qg4emHOcAISbX/E3ara7483ef9fVJ2bYJXTeABcWapJkD8/atFN81jfowvbhS1eCKj8YeOFzPuyAxJ3/B6xXXjza8hbLjUZhYOkE8VIP2IreWUYn/qzKLDpyyctOSDYAHZCbu2GE0e12kgzx9/sDvTzITL3GulSd49arQfwxyMkZOZj2ZU/ufQFvrwgCmrFZ5OVsEcRt4u2eatx4Ybf/0NVTWYhjMO05JSwuWEXvdbXHWwJz2h1e/DGtZSnttC07UbBDZrXQ9Y5TKqFber6k6/qxYNgM5NbKMKX5m7Reqf8Vdt5YpwvDdG/7POOLBYyHd5r8ngPfr8JsCSBIgTqWffj/GKGSZDEjbpG6sMa5piY6VvKuTnwQ4ORj/qUqI0ToMuNcPDoz83nrKsIAfd562WSBL/W0xVA8FxpWyFMNGvmmRSri64UMQvYV2D/0ZcQPPCWbTuyj7ftXAx2ZDYioUxSEUv3/8qWvb4QHFfMBRgK3QAM0XXvDO5tTg4kG/1eNLXea64uiTwIo9J304xUQ7fGqO4elW/85p96yifmWorBU2W4EzcWHk8UxTULCpf/TRwklFWugsjhaLi7ILdHCOlVeNMljWk7/nt0GFgcJbw4wzICY1Rs2F2TwEJxOfvDA/TMXNel2c46lnFRDvrMiNwSVx4dK7xUfX/S25k4U0O2ULIFxPoymgyXqBIwIOavZfK HTTP/1.1
    User-Agent: curl/7.26.0
    Host: localhost:1234
    Accept: */*

  • additional stuff not fine transfer.c:1037: 0 0
  • Empty reply from server
  • Connection #0 to host localhost left intact
    curl: (52) Empty reply from server
  • Closing connection #0

this is the naxsi-log-entry:

2015/03/22 10:17:19 [error] 17574#0: *1 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/GHMjmX551MaZ703Zgik2hfRuJABMShON/Z5wR2X5bFir5PycE5FFVoFHmfx8QNL4V/943CsQz2dYBV33Z9jiZYnZ5EejAlkEO4/uYTS41BdplwAOUDB0xn9ClFmDZsr7tRZ/wTLei0OHtlrZR8bxfK2LDwIF8OMH3WZE/w3kvyBve0dpjW3x9xoqg748ZjebaQdy8/Bx85uPeiwDtoQrj3oFP2dRnj73iyiLt3/iY1oSOihQC4ulhrGd2YprEp08T3FH0kQ/hh6z5gOUuqli4hh5HIaeP6GVGiiONZLj/CofGwbvn3Ykmi7mbFL6k4pMMgQaFSMvB/mz3nZHp8DhDQTl387vv7P1wcdBKvujfe/EJYiTbfJd9WVYcmdnqKLXiFpF6Kr0biw/G9nSg0ZN4yftaumTdGXntboyZT2iJvqe/2etvNYUSpPTJdWGQGkCFDw9Yn6P8bG0t/1hvs9ktzfaAgWil0I0wolt24rft67Whs/fpOeIopoVz2YA10ricpFi7c1n1uhKPOM/XscwrENSml68eZWoLDCNNPMxtSZa07er/fEnANOa73wuHAXRmh9waM2n8nbaWB8lr/lIyImkx0q8K1tMepBI6OTjNAzTfPPveX/sReJanUiHGNmrA5DD8OcCMhQWakdTVd6/ctGF1f1f8i8zxZ4ayGPHdER9xdQmGYIj/ZpYUJz0hneOW0uCpmcnDdiBb2chRzd2j/IRK4BKje7lMTIk54cTShUng3M2J9j4ae/jfC9Z3wxSqrOm41ntbPh4FKs4DCGl4X3/fwfYfvDWvJBos5JmKbelHDwycUIA0iPj/VbArpVN5jTpqyNsGJT5rMRnEdvfHCdO9/TjZfWMSN47NIxbnFCqDOIDkFLwxrxJ6n/mkacRmKU9bUetg5ZZWplW40jmbst9W91/9UdszxKPDe1kIvwP9MJXVB5TFO4PoM45/cKaB0uHe5XYs4VRvi0SC3Ezt1XjBDrsT/xsjasaATxxGtf7aPdvweU4Fhfkcj8RqQ/KVSArfJaLokxKvZJa6DnRv86FZBfjyPp/zRAuwgCqKxMBFQccsN6kz2gQQbn6M2OR/UCBdRksWkIbbI6xu6g3cEC6I4RS0blhC/IYsGGwHs2xDaso9nUZa6itgzVYB2jqGG/awACcJnUKyrr30iIe00nDCCsbWisNS9j/KtJ28OnSy1AgZGWm1zGJfHZ1L25lMryz/WccLtXBQSw9lgnZYlI4HL0Fcvo0xg0VV/4bAURVacvcMWsWH0OeBITjNr4pZHy1ev/DUYNBjRFOrlZ0729b8tnnFPOcWfs6oPo/5MGXyTTMKmsfBJREKJ57L0kzsJLNqBJZ/BggReuhQlZvIOZ3V4oyzja8ffYTea1YM/evjFx6vVxbTHkAkiXyxF9961azP5kRaE/qUsuvNZOuASzvjeufYK0ED1yDpoM18yr/d9M5aMssXJ5NIqeOcr1zNlnnOJCHozvR/iff1NofjukyuQHE1nzkFy4fKyWpcWwTJ/K6OXsgUeiPMoJH4ahKc32TAJVaCOMF2b/Qx9OMg3mGLgGWFMJwX7NCIAvAjknHCMC/MrZfhxQk4Y05wOc8WU43r4DNuANXEU6W/41wneSCeolVguxfuaRv0qR2IRcKyxnqJ/5kx4glclwR9pKqcY1XNmgyoFC3aAYQ64/dRIOuzBuAATyTsZunC7dRhSqOYB6MX3v/1L9m8gHnKYmSvlN9tTVc9N1eok33lh72/Nfl5SSttMNwsmJ9Va0cpzkhNh3MTlYxU/v84mzMslmeieOct17yUTBXDOyI7ztdaY/C038inDtbZY6cEtM2A09NC89fRNMa1nZ/1oWGjLTcCqx0t, client: 
127.0.0.1, server: localhost, request: "GET /RJyIdIFfpCvC
2015/03/22 10:17:19 [alert] 17573#0: worker process 17574 exited on signal 11


this is curl/nginx w/out naxsi:


curl -v http://localhost:1234/RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/[long random stuff here]/
* About to connect() to localhost port 1234 (#0)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 1234 (#0)
> GET /RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/[long random stuff here] HTTP/1.1
> User-Agent: curl/7.26.0
> Host: localhost:1234
> Accept: */*
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Server: nginx/1.6.2
< Date: Sun, 22 Mar 2015 09:22:11 GMT
< Content-Type: application/octet-stream
< Content-Length: 0
< Connection: keep-alive
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: public
< 
* Connection #0 to host localhost left intact
* Closing connection #0

@buixor
Contributor

buixor commented Mar 23, 2015

oh nice finding, seems to be a null pointer deref that was not spotted before :)
I'm going to look at that tonight and come back to you asap.

thanks for the fuzzing

@buixor
Contributor

buixor commented Mar 23, 2015

yep, induced by the change of the logging that splits the line in fragments.
I'll wait to do my push to close the issue :)

@rogerthat
Author

a colleague of mine works on an http-fuzzer, so expect more to come :D

@buixor
Contributor

buixor commented Mar 30, 2015

fixed, thanks for the report, RC2 incoming soon :)

@buixor buixor closed this as completed Mar 30, 2015
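
A log check for the crash signature in this report, as an added example (not part of the thread and not naxsi project code): it pairs each nginx `worker process ... exited on signal` alert with the last `NAXSI_FMT` line written by that same worker. The sample lines are constructed to match the shape of the log entries quoted in the report; the field names in the findings are this example's own.

```python
import re

# nginx error-log prefix: "YYYY/MM/DD HH:MM:SS [level] pid#tid: message"
LINE = re.compile(r"^(\S+ \S+) \[(\w+)\] (\d+)#\d+: (.*)$")
CRASH = re.compile(r"worker process (\d+) exited on signal (\d+)")
# uri= value as logged; it ends at '&' (next field) or ',' (nginx context suffix)
NAXSI_URI = re.compile(r"NAXSI_FMT: .*?\buri=([^&,\s]*)")

def find_crashes(lines):
    """One finding per worker crash, joined to that worker's last NAXSI_FMT line."""
    last_naxsi = {}  # worker pid -> (timestamp, length of logged uri)
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation fragments and foreign lines are skipped
        ts, level, pid, msg = m.groups()
        uri = NAXSI_URI.search(msg)
        if uri:
            last_naxsi[pid] = (ts, len(uri.group(1)))
            continue
        crash = CRASH.search(msg)
        if crash and level == "alert":
            worker, sig = crash.group(1), int(crash.group(2))
            seen = last_naxsi.pop(worker, None)
            findings.append({
                "time": ts, "worker": worker, "signal": sig,
                "naxsi_time": seen[0] if seen else None,
                "logged_uri_len": seen[1] if seen else None,
                # SIGSEGV right after a naxsi log write by the same worker
                "naxsi_suspect": sig == 11 and seen is not None,
            })
    return findings

# Constructed sample input (not real log data), shaped like the report's entries.
SAMPLE = [
    "2015/03/22 10:17:19 [error] 17574#0: *1 NAXSI_FMT: ip=127.0.0.1&server=localhost"
    "&uri=/" + "A" * 1900 + ", client: 127.0.0.1, server: localhost",
    "2015/03/22 10:17:19 [alert] 17573#0: worker process 17574 exited on signal 11",
    "2015/03/22 10:20:02 [error] 17580#0: *7 NAXSI_FMT: ip=127.0.0.1&server=localhost"
    "&uri=/index.html&learning=0, client: 127.0.0.1",
    "2015/03/22 10:21:40 [alert] 17573#0: worker process 17581 exited on signal 15",
]

if __name__ == "__main__":
    for f in find_crashes(SAMPLE):
        print(f)
```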