ports/155027: [UPDATE] www/hiawatha

C-S c-s at c-s.li
Fri Feb 25 13:40:11 UTC 2011


>Number:         155027
>Category:       ports
>Synopsis:       [UPDATE] www/hiawatha
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 25 13:40:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     C-S
>Release:        
>Organization:
>Environment:
>Description:
There has been a serious bug found in the current version of hiawatha. The following patch fixes that:

http://www.hiawatha-webserver.org/weblog/16
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN hiawatha.orig/Makefile hiawatha/Makefile
--- hiawatha.orig/Makefile	2011-02-25 14:29:54.141307371 +0100
+++ hiawatha/Makefile	2011-02-25 14:30:02.242658743 +0100
@@ -7,6 +7,7 @@
 
 PORTNAME=	hiawatha
 PORTVERSION=	7.4
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://www.hiawatha-webserver.org/files/ \
 		http://www.c-s.li/ports/
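Review bot: PORTREVISION=1 is added with no record of why the port needs a rebuild; the Makefile and the PR text only point at the weblog URL. Put a one-line summary of the fix (the Content-Length bound check added in files/patch-hiawatha.c) in the commit message, so that users of 7.4 can tell the rebuild changes the binary. The placement directly after PORTVERSION is correct.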
diff -ruN hiawatha.orig/files/patch-hiawatha.c hiawatha/files/patch-hiawatha.c
--- hiawatha.orig/files/patch-hiawatha.c	1970-01-01 01:00:00.000000000 +0100
+++ hiawatha/files/patch-hiawatha.c	2011-02-25 14:30:02.188657316 +0100
@@ -0,0 +1,19 @@
+--- hiawatha.c.orig	2011-02-25 14:21:15.953502381 +0100
++++ hiawatha.c	2011-02-25 14:24:44.166094143 +0100
+@@ -34,6 +34,7 @@
+ #include <sys/wait.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
++#include <limits.h>
+ #include "alternative.h"
+ #include "mimetype.h"
+ #include "serverconfig.h"
+@@ -418,7 +419,7 @@
+ 							*strend = '\0';
+ 							content_length = str2int(strstart);
+ 							*strend = '\r';
+-							if (content_length < 0) {
++							if ((content_length < 0) || (INT_MAX - content_length - 2 <= header_length)) {
+ 								result = 400;
+ 								break;
+ 							}
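Review bot: in the second inner hunk (`@@ -418,7 +419,7 @@`), the new test `INT_MAX - content_length - 2 <= header_length` is only reliable if header_length is a signed int, and its declaration is not visible in this patch. The short-circuit on `content_length < 0` keeps the subtraction from overflowing, but for content_length equal to INT_MAX or INT_MAX - 1 the left side is -2 or -1; if header_length is an unsigned type, that value is converted to a very large unsigned number, the comparison is false, and the request is not rejected with 400. Please confirm the type, or make both operands the same signed type explicitly. Two smaller points: the constant 2 is unexplained and deserves a short comment saying which bytes it accounts for, and the check depends on str2int() returning a negative value for input that does not fit in an int, which is also not shown here.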


>Release-Note:
>Audit-Trail:
>Unformatted:


