svn commit: r510747 - head/www/libevhtp
Richard Gallamore
ultima at FreeBSD.org
Sun Sep 1 22:48:46 UTC 2019
Author: ultima
Date: Sun Sep 1 22:48:46 2019
New Revision: 510747
URL: https://svnweb.freebsd.org/changeset/ports/510747
Log:
Fix stack overflow that can occur in libevhtp
libevhtp allocates a stack based on data length
when C99 is detected at compile time. There are
no checks to verify that the stack is big enough
which can cause a stack overflow.
Adding EVHTP_HAS_C99=false at compile time changes
this behavior by allocate to a buffer which has
proper checks in place.
More information about this bug can be found at:
https://github.com/criticalstack/libevhtp/issues/118
https://github.com/haiwen/seafile/issues/1928
MFH: 2019Q3
Modified:
head/www/libevhtp/Makefile
Modified: head/www/libevhtp/Makefile
==============================================================================
--- head/www/libevhtp/Makefile Sun Sep 1 21:48:44 2019 (r510746)
+++ head/www/libevhtp/Makefile Sun Sep 1 22:48:46 2019 (r510747)
@@ -2,7 +2,7 @@
PORTNAME= libevhtp
PORTVERSION= 1.2.16
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= www
MAINTAINER= ultima at FreeBSD.org
@@ -19,7 +19,8 @@ USE_GITHUB= yes
GH_ACCOUNT= criticalstack
CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \
- -DCMAKE_LIBRARY_PATH:PATH=lib/event2
+ -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
+ -DEVHTP_HAS_C99:BOOL=FALSE
PLIST_SUB= PORTVERSION=${PORTVERSION}
More information about the svn-ports-all
mailing list