Simple Web Server 0.5.1 bug report
==================================

I have recently noticed an interesting bug in Simple Web Server 0.5.1 while
browsing around various HTTP daemon code. Apparently sws uses a small routine
that adds your socket input, char by char, into an array of strings
(see request.c->get_request(), line 154), though it doesn't do any bounds
checking and keeps on strncat()'ing beyond the string, until %eip.

Core was generated by `xxxxxxxxxxx'. :-)
(gdb) info registers
eax            0xbffffbf5       -1073742859
ecx            0xbfffffff       -1073741825
edx            0xa78    2680
ebx            0xbfffc925       -1073755867
esp            0xbfffbee8       0xbfffbee8
ebp            0xbfffbef4       0xbfffbef4
esi            0xbffffbf4       -1073742860
edi            0xbfffc925       -1073755867
eip            0x4007863f       0x4007863f

As you can see, %eip is partly overwritten (0x400_78_63f), which makes the
process go off course and die. I have already mailed the author and am
hoping to see this fixed soon.
By the way - if any of you find any use for this, please let me know :-)

--SectorX <sectorx@digitalphobia.com> of XOR <http://xorteam.cjb.net>
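
Added example (not part of the original report and not sws source code): a bounded version of the char-by-char append the report describes, rejecting an over-long request line instead of writing past the array. REQ_MAX, read_request_line() and next_char() are hypothetical names, and the input is constructed in memory rather than read from a socket.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 32  /* constructed size; the real buffer size is not on the page */

/* Pattern described in the report, shown as a comment only
 * (next_char is a hypothetical helper):
 *     while (next_char(sock, &c)) strncat(line, &c, 1);
 * strncat's count limits bytes taken from the source, not the room left
 * in the destination, so every extra input byte lands past the array. */

/* Hardened form: track the used length and reject input that does not fit.
 * Returns the line length, or -1 if the line exceeds dst_size - 1 bytes. */
long read_request_line(const char *in, size_t in_len, char *dst, size_t dst_size)
{
    size_t used = 0;

    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < in_len && in[i] != '\n'; i++) {
        if (used + 1 >= dst_size) {   /* keep one byte for the terminator */
            dst[0] = '\0';            /* do not hand back a truncated request */
            return -1;
        }
        dst[used++] = in[i];
        dst[used] = '\0';
    }
    return (long)used;
}

int main(void)
{
    char line[REQ_MAX];
    char big[4096];               /* constructed over-long request */
    const char ok[] = "GET /index.html HTTP/1.0\n";

    memset(big, 'A', sizeof big);
    printf("normal:   %ld\n", read_request_line(ok, sizeof ok - 1, line, sizeof line));
    printf("too long: %ld\n", read_request_line(big, sizeof big, line, sizeof line));
    return 0;
}
```

A caller that gets -1 should close the connection or answer with an error rather than process a truncated request.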