Patch fcgi to address CVE-2012-6687 vulnerabilities.

PR: 197844 Submitted by: rodrigo Obtained from: ubuntu MFH: 2015Q1 Security: CVE-2012-6687
svn path=/head/; revision=380457
2024-10-18 19:49:40 +00:00 · 2015-03-04 23:31:56 +00:00 · 2015-03-04 23:31:56 +00:00 · 18764f0c9e · 2021-03-31 03:12:20 +00:00
commit 18764f0c9e
parent 28780f4d2c
2 changed files with 84 additions and 2 deletions
--- a/www/fcgi/Makefile
+++ b/www/fcgi/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	fcgi
 PORTVERSION=	2.4.0
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	www
 MASTER_SITES=	http://www.fastcgi.com/dist/ \
 		http://www.skysmurf.nl/comp/FreeBSD/distfiles/
@ -17,10 +17,11 @@ LICENSE_NAME=	Open Market FastCGI license
 LICENSE_FILE=	${WRKSRC}/LICENSE.TERMS
 LICENSE_PERMS=	dist-mirror dist-sell pkg-mirror pkg-sell auto-accept

-USES=		libtool
+USES=		cpe libtool
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
 MAKE_JOBS_UNSAFE=	yes
+CPE_VENDOR=	fastcgi

 OPTIONS_DEFINE=	DOCS

--- a/www/fcgi/files/patch-CVE-2012-6687-pool
+++ b/www/fcgi/files/patch-CVE-2012-6687-pool
@ -0,0 +1,81 @@
+diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c
+index 73e6a7f..af35aee 100755
+--- libfcgi/os_unix.c
+++ libfcgi/os_unix.c
+@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
+#include <poll.h>
+ 
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+ 
+static int libfcgiOsClosePollTimeout = 2000;
+static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
+
+ void OS_ShutdownPending()
+ {
+     shutdownPending = TRUE;
+@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
+     if(libInitialized)
+         return 0;
+ 
+    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
+    if(libfcgiOsClosePollTimeoutStr) {
+        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
+    }
+
+    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
+    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
+        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
+    }
+
+     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+     if(asyncIoTable == NULL) {
+         errno = ENOMEM;
+@@ -755,19 +769,16 @@ int OS_Close(int fd)
+ 
+     if (shutdown(fd, 1) == 0)
+     {
+-        struct timeval tv;
+-        fd_set rfds;
+        struct pollfd pfd;
+         int rv;
+         char trash[1024];
+ 
+-        FD_ZERO(&rfds);
+        pfd.fd = fd;
+        pfd.events = POLLIN;
+ 
+         do 
+         {
+-            FD_SET(fd, &rfds);
+-            tv.tv_sec = 2;
+-            tv.tv_usec = 0;
+-            rv = select(fd + 1, &rfds, NULL, NULL, &tv);
+            rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+         }
+         while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+     }
+@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error)
+  */
+ static int is_af_unix_keeper(const int fd)
+ {
+-    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+-    fd_set read_fds;
+-
+-    FD_ZERO(&read_fds);
+-    FD_SET(fd, &read_fds);
+    struct pollfd pfd;
+    pfd.fd = fd;
+    pfd.events = POLLIN;
+ 
+-    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
+    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+ 
+ /*