authorNatanael Copa <ncopa@alpinelinux.org>2012-12-06 20:41:34 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-12-07 08:30:24 +0000
commitd7c55cd683734666163de29824806a7096e998b3 (patch)
treea7f3443d6943c1ad2b9d567ca3431dfa8817caca
parent02ce8a55c740b8a702d035d196a65e4a03725db0 (diff)
main/tinyproxy: fix CVE-2012-3505
fixes #1515
-rw-r--r--main/tinyproxy/APKBUILD9
-rw-r--r--main/tinyproxy/limit_headers.patch46
2 files changed, 54 insertions, 1 deletions
diff --git a/main/tinyproxy/APKBUILD b/main/tinyproxy/APKBUILD
index 28ec287fe..8c62f955e 100644
--- a/main/tinyproxy/APKBUILD
+++ b/main/tinyproxy/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tinyproxy
pkgver=1.8.3
-pkgrel=1
+pkgrel=2
pkgdesc="Lightweight HTTP proxy"
pkgusers="tinyproxy"
pkggroups="tinyproxy"
@@ -14,12 +14,18 @@ makedepends="asciidoc"
install="tinyproxy.pre-install"
subpackages="$pkgname-doc"
source="https://www.banu.com/pub/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2
+ limit_headers.patch
tinyproxy.initd
"
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
# set default user to tinyproxy:tinyproxy and correct pidfile
sed -i -e 's:^User.*:User tinyproxy:' \
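Review bot: The `*.patch)` arm added to prepare() passes `$i` unquoted to `msg` and `patch` and uses the source entry unchanged as a file name. That works for the local `limit_headers.patch`, but a source entry given as a URL ending in `.patch` would also match, and `"$srcdir"/$i` would then not name the downloaded file. Stripping the directory part and quoting covers both cases: `*.patch) msg "${i##*/}"; patch -p1 -i "$srcdir/${i##*/}" || return 1;;`. prepare() continues past the end of this hunk.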
@@ -47,4 +53,5 @@ package() {
}
md5sums="292ac51da8ad6ae883d4ebf56908400d tinyproxy-1.8.3.tar.bz2
+cf72d2503f6415079c4702853d467ea8 limit_headers.patch
ce2b2e3c79fa0e8491fe625bbb15710a tinyproxy.initd"
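Review bot: The new `limit_headers.patch` entry is pinned with MD5 only, like the upstream tarball that `source` downloads. MD5 no longer resists collisions, so it is a weak integrity check for a security fix and for remotely fetched source. abuild has a `sha512sums` variable for this; if the abuild version used on this branch supports it, adding that array alongside `md5sums` would give a stronger pin.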
diff --git a/main/tinyproxy/limit_headers.patch b/main/tinyproxy/limit_headers.patch
new file mode 100644
index 000000000..1e3e7fb32
--- /dev/null
+++ b/main/tinyproxy/limit_headers.patch
@@ -0,0 +1,46 @@
+diff --git a/src/reqs.c b/src/reqs.c
+index 2e13f48..ce46bf3 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -641,6 +641,11 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
+ return hashmap_insert (hashofheaders, header, sep, len);
+ }
+
++/* define max number of headers. big enough to handle legitimate cases,
++ * but limited to avoid DoS
++ */
++#define MAX_HEADERS 10000
++
+ /*
+ * Read all the headers from the stream
+ */
+@@ -648,6 +653,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ {
+ char *line = NULL;
+ char *header = NULL;
++ int count;
+ char *tmp;
+ ssize_t linelen;
+ ssize_t len = 0;
+@@ -656,7 +662,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ assert (fd >= 0);
+ assert (hashofheaders != NULL);
+
+- for (;;) {
++ for (count = 0; count < MAX_HEADERS; count++) {
+ if ((linelen = readline (fd, &line)) <= 0) {
+ safefree (header);
+ safefree (line);
+@@ -722,6 +728,12 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+
+ safefree (line);
+ }
++
++ /* if we get there, this is we reached MAX_HEADERS count.
++ bail out with error */
++ safefree (header);
++ safefree (line);
++ return -1;
+ }
+
+ /*
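Review bot: The new exit path after the loop in get_all_headers() returns -1 without logging, so a client that hits MAX_HEADERS is indistinguishable from an ordinary read failure to anyone watching the proxy. A line such as `log_message (LOG_WARNING, "Too many header lines (limit %d), dropping request", MAX_HEADERS);` before the two `safefree` calls would make the condition visible, assuming tinyproxy's `log_message` helper is available in reqs.c. The counter advances once per `readline` call, so any continuation lines count against the limit too. 10000 is still generous if the cost of `hashmap_insert` grows with the number of stored entries, which this patch does not show, so a lower or configurable cap may be worth considering. The trailing comment would read better as `/* reaching this point means MAX_HEADERS lines were read; bail out with an error */`; most of the loop body lies outside the embedded hunks.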