svn commit: r510747 - head/www/libevhtp
Ultima
ultima at ultimasbox.com
Mon Sep 2 00:25:08 UTC 2019
Had my vocabulary mixed up on the commit message,
stack = buffer and buffer = heap.
On Sun, Sep 1, 2019 at 3:48 PM Richard Gallamore <ultima at freebsd.org> wrote:
> Author: ultima
> Date: Sun Sep 1 22:48:46 2019
> New Revision: 510747
> URL: https://svnweb.freebsd.org/changeset/ports/510747
>
> Log:
> Fix stack overflow that can occur in libevhtp
>
> libevhtp allocates a stack based on data length
> when C99 is detected at compile time. There are
> no checks to verify that the stack is big enough
> which can cause a stack overflow.
>
> Adding EVHTP_HAS_C99=false at compile time changes
> this behavior by allocate to a buffer which has
> proper checks in place.
>
> More information about this bug can be found at:
> https://github.com/criticalstack/libevhtp/issues/118
> https://github.com/haiwen/seafile/issues/1928
>
> MFH: 2019Q3
>
> Modified:
> head/www/libevhtp/Makefile
>
> Modified: head/www/libevhtp/Makefile
>
> ==============================================================================
> --- head/www/libevhtp/Makefile Sun Sep 1 21:48:44 2019 (r510746)
> +++ head/www/libevhtp/Makefile Sun Sep 1 22:48:46 2019 (r510747)
> @@ -2,7 +2,7 @@
>
> PORTNAME= libevhtp
> PORTVERSION= 1.2.16
> -PORTREVISION= 3
> +PORTREVISION= 4
> CATEGORIES= www
>
> MAINTAINER= ultima at FreeBSD.org
> @@ -19,7 +19,8 @@ USE_GITHUB= yes
> GH_ACCOUNT= criticalstack
>
> CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \
> - -DCMAKE_LIBRARY_PATH:PATH=lib/event2
> + -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
> + -DEVHTP_HAS_C99:BOOL=FALSE
>
> PLIST_SUB= PORTVERSION=${PORTVERSION}
>
>
>
More information about the svn-ports-all
mailing list