ports/155027: [UPDATE] www/hiawatha
C-S
c-s at c-s.li
Fri Feb 25 13:40:11 UTC 2011
>Number: 155027
>Category: ports
>Synopsis: [UPDATE] www/hiawatha
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 25 13:40:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: C-S
>Release:
>Organization:
>Environment:
>Description:
There has been a serious bug found in the current version of hiawatha. The following patch fixes that:
http://www.hiawatha-webserver.org/weblog/16
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN hiawatha.orig/Makefile hiawatha/Makefile
--- hiawatha.orig/Makefile 2011-02-25 14:29:54.141307371 +0100
+++ hiawatha/Makefile 2011-02-25 14:30:02.242658743 +0100
@@ -7,6 +7,7 @@
PORTNAME= hiawatha
PORTVERSION= 7.4
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://www.hiawatha-webserver.org/files/ \
http://www.c-s.li/ports/
diff -ruN hiawatha.orig/files/patch-hiawatha.c hiawatha/files/patch-hiawatha.c
--- hiawatha.orig/files/patch-hiawatha.c 1970-01-01 01:00:00.000000000 +0100
+++ hiawatha/files/patch-hiawatha.c 2011-02-25 14:30:02.188657316 +0100
@@ -0,0 +1,19 @@
+--- hiawatha.c.orig 2011-02-25 14:21:15.953502381 +0100
++++ hiawatha.c 2011-02-25 14:24:44.166094143 +0100
+@@ -34,6 +34,7 @@
+ #include <sys/wait.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
++#include <limits.h>
+ #include "alternative.h"
+ #include "mimetype.h"
+ #include "serverconfig.h"
+@@ -418,7 +419,7 @@
+ *strend = '\0';
+ content_length = str2int(strstart);
+ *strend = '\r';
+- if (content_length < 0) {
++ if ((content_length < 0) || (INT_MAX - content_length - 2 <= header_length)) {
+ result = 400;
+ break;
+ }
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list