authorwxs <wxs@FreeBSD.org>2009-06-15 21:59:43 +0800
committerwxs <wxs@FreeBSD.org>2009-06-15 21:59:43 +0800
commit525f6bb22e865b15024ed9ac7059bcc085e940e7 (patch)
treec20886499e13334368ee9c37b9d611377aaf906d /devel/git
parent367803c540dfec094d5a9424e10b7429c18fe5ed (diff)
- Fix the DoS issue using the patch from upstream.
Security: d9b01c08-59b3-11de-828e-00e0815b8da8
Diffstat (limited to 'devel/git')
-rw-r--r--devel/git/Makefile1
-rw-r--r--devel/git/files/patch-dos57
2 files changed, 58 insertions, 0 deletions
diff --git a/devel/git/Makefile b/devel/git/Makefile
index d39214e43a8c..779e6432b298 100644
--- a/devel/git/Makefile
+++ b/devel/git/Makefile
@@ -7,6 +7,7 @@
PORTNAME= git
PORTVERSION= 1.6.3.2
+PORTREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_KERNEL_ORG}
MASTER_SITE_SUBDIR= software/scm/${PORTNAME}
diff --git a/devel/git/files/patch-dos b/devel/git/files/patch-dos
new file mode 100644
index 000000000000..be68c253c86a
--- /dev/null
+++ b/devel/git/files/patch-dos
@@ -0,0 +1,57 @@
+diff --git connect.c.orig connect.c
+index f6b8ba6..958c831 100644
+--- connect.c.orig
++++ connect.c
+@@ -579,7 +579,10 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
+ git_tcp_connect(fd, host, flags);
+ /*
+ * Separate original protocol components prog and path
+- * from extended components with a NUL byte.
++ * from extended host header with a NUL byte.
++ *
++ * Note: Do not add any other headers here! Doing so
++ * will cause older git-daemon servers to crash.
+ */
+ packet_write(fd[1],
+ "%s %s%chost=%s%c",
+diff --git daemon.c.orig daemon.c
+index daa4c8e..b2babcc 100644
+--- daemon.c.orig
++++ daemon.c
+@@ -406,15 +406,15 @@ static char *xstrdup_tolower(const char *str)
+ }
+
+ /*
+- * Separate the "extra args" information as supplied by the client connection.
++ * Read the host as supplied by the client connection.
+ */
+-static void parse_extra_args(char *extra_args, int buflen)
++static void parse_host_arg(char *extra_args, int buflen)
+ {
+ char *val;
+ int vallen;
+ char *end = extra_args + buflen;
+
+- while (extra_args < end && *extra_args) {
++ if (extra_args < end && *extra_args) {
+ saw_extended_args = 1;
+ if (strncasecmp("host=", extra_args, 5) == 0) {
+ val = extra_args + 5;
+@@ -436,6 +436,8 @@ static void parse_extra_args(char *extra_args, int buflen)
+ /* On to the next one */
+ extra_args = val + vallen;
+ }
++ if (extra_args < end && *extra_args)
++ die("Invalid request");
+ }
+
+ /*
+@@ -545,7 +547,7 @@ static int execute(struct sockaddr *addr)
+ hostname = canon_hostname = ip_address = tcp_port = NULL;
+
+ if (len != pktlen)
+- parse_extra_args(line + len + 1, pktlen - len - 1);
++ parse_host_arg(line + len + 1, pktlen - len - 1);
+
+ for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
+ struct daemon_service *s = &(daemon_service[i]);
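Review bot: patch-dos records no provenance: nothing ahead of the first nested `diff --git connect.c.orig connect.c` line says which upstream commit it was taken from, so a later maintainer cannot check it against upstream or tell when it has become redundant. Text before the first diff header is ignored by patch(1), so the file could open with a line such as `Upstream fix for the git-daemon DoS (VuXML d9b01c08-59b3-11de-828e-00e0815b8da8), upstream commit <upstream-commit-id>; drop once the port moves to a release that includes it.` In the nested daemon.c hunk the new trailing check `if (extra_args < end && *extra_args) die("Invalid request");` is bounded by `end`, but the code that sets `vallen` sits between the nested hunks and is not shown here. If it measures the value with strlen, it relies on the caller NUL-terminating the packet buffer, which is worth confirming against the full daemon.c. The body of parse_host_arg is only partly visible in this patch.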