mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-18 19:49:40 +00:00
Patch fcgi to address CVE-2012-6687 vulnerabilities.
PR: 197844 Submitted by: rodrigo Obtained from: ubuntu MFH: 2015Q1 Security: CVE-2012-6687
This commit is contained in:
parent
28780f4d2c
commit
18764f0c9e
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=380457
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME= fcgi
|
||||
PORTVERSION= 2.4.0
|
||||
PORTREVISION= 4
|
||||
PORTREVISION= 5
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= http://www.fastcgi.com/dist/ \
|
||||
http://www.skysmurf.nl/comp/FreeBSD/distfiles/
|
||||
@ -17,10 +17,11 @@ LICENSE_NAME= Open Market FastCGI license
|
||||
LICENSE_FILE= ${WRKSRC}/LICENSE.TERMS
|
||||
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
|
||||
|
||||
USES= libtool
|
||||
USES= cpe libtool
|
||||
GNU_CONFIGURE= yes
|
||||
USE_LDCONFIG= yes
|
||||
MAKE_JOBS_UNSAFE= yes
|
||||
CPE_VENDOR= fastcgi
|
||||
|
||||
OPTIONS_DEFINE= DOCS
|
||||
|
||||
|
81
www/fcgi/files/patch-CVE-2012-6687-pool
Normal file
81
www/fcgi/files/patch-CVE-2012-6687-pool
Normal file
@ -0,0 +1,81 @@
|
||||
diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c
|
||||
index 73e6a7f..af35aee 100755
|
||||
--- libfcgi/os_unix.c
|
||||
+++ libfcgi/os_unix.c
|
||||
@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp
|
||||
#include <sys/time.h>
|
||||
#include <sys/un.h>
|
||||
#include <signal.h>
|
||||
+#include <poll.h>
|
||||
|
||||
#ifdef HAVE_NETDB_H
|
||||
#include <netdb.h>
|
||||
@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
|
||||
static int shutdownPending = FALSE;
|
||||
static int shutdownNow = FALSE;
|
||||
|
||||
+static int libfcgiOsClosePollTimeout = 2000;
|
||||
+static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
|
||||
+
|
||||
void OS_ShutdownPending()
|
||||
{
|
||||
shutdownPending = TRUE;
|
||||
@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
|
||||
if(libInitialized)
|
||||
return 0;
|
||||
|
||||
+ char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
|
||||
+ if(libfcgiOsClosePollTimeoutStr) {
|
||||
+ libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
|
||||
+ }
|
||||
+
|
||||
+ char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
|
||||
+ if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
|
||||
+ libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
|
||||
+ }
|
||||
+
|
||||
asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
|
||||
if(asyncIoTable == NULL) {
|
||||
errno = ENOMEM;
|
||||
@@ -755,19 +769,16 @@ int OS_Close(int fd)
|
||||
|
||||
if (shutdown(fd, 1) == 0)
|
||||
{
|
||||
- struct timeval tv;
|
||||
- fd_set rfds;
|
||||
+ struct pollfd pfd;
|
||||
int rv;
|
||||
char trash[1024];
|
||||
|
||||
- FD_ZERO(&rfds);
|
||||
+ pfd.fd = fd;
|
||||
+ pfd.events = POLLIN;
|
||||
|
||||
do
|
||||
{
|
||||
- FD_SET(fd, &rfds);
|
||||
- tv.tv_sec = 2;
|
||||
- tv.tv_usec = 0;
|
||||
- rv = select(fd + 1, &rfds, NULL, NULL, &tv);
|
||||
+ rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
|
||||
}
|
||||
while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
|
||||
}
|
||||
@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error)
|
||||
*/
|
||||
static int is_af_unix_keeper(const int fd)
|
||||
{
|
||||
- struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
|
||||
- fd_set read_fds;
|
||||
-
|
||||
- FD_ZERO(&read_fds);
|
||||
- FD_SET(fd, &read_fds);
|
||||
+ struct pollfd pfd;
|
||||
+ pfd.fd = fd;
|
||||
+ pfd.events = POLLIN;
|
||||
|
||||
- return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
|
||||
+ return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
|
||||
}
|
||||
|
||||
/*
|
Loading…
Reference in New Issue
Block a user