mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-22 04:17:44 +00:00
- Added patch to circumvent integer overflow in Content-Length header
parsing, until new upstream package is released. PR: ports/155027 Submitted by: C-S <c-s@c-s.li> Security: b13414c9-50ba-11e0-975a-000c29cc39d3 Security: http://www.hiawatha-webserver.org/weblog/16 Security: http://secunia.com/advisories/43660/
This commit is contained in:
parent
7dd7d929e6
commit
9e2b68012b
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=271160
@ -7,6 +7,7 @@
|
||||
|
||||
PORTNAME= hiawatha
|
||||
PORTVERSION= 7.4
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= http://www.hiawatha-webserver.org/files/ \
|
||||
http://www.c-s.li/ports/
|
||||
|
19
www/hiawatha/files/patch-hiawatha.c
Normal file
19
www/hiawatha/files/patch-hiawatha.c
Normal file
@ -0,0 +1,19 @@
|
||||
--- ./hiawatha.c.orig 2010-11-02 17:03:24.000000000 -0400
|
||||
+++ ./hiawatha.c 2011-02-25 16:41:31.000000000 -0500
|
||||
@@ -34,6 +34,7 @@
|
||||
#include <sys/wait.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
+#include <limits.h>
|
||||
#include "alternative.h"
|
||||
#include "mimetype.h"
|
||||
#include "serverconfig.h"
|
||||
@@ -418,7 +419,7 @@
|
||||
*strend = '\0';
|
||||
content_length = str2int(strstart);
|
||||
*strend = '\r';
|
||||
- if (content_length < 0) {
|
||||
+ if ((content_length < 0) || (INT_MAX - content_length - 2 <= header_length)) {
|
||||
result = 400;
|
||||
break;
|
||||
}
|
Loading…
Reference in New Issue
Block a user