diff options
author | clement <clement@FreeBSD.org> | 2004-06-29 16:06:20 +0800 |
---|---|---|
committer | clement <clement@FreeBSD.org> | 2004-06-29 16:06:20 +0800 |
commit | dd844472483e0da3f765d3622f459c9c32b88506 (patch) | |
tree | a5562dcac3df862f64f7844f2fb9b133273eb869 /www/apache20 | |
parent | de2235acaf2a0a5d526fe4ea7f4b22373d936c49 (diff) | |
download | freebsd-ports-gnome-dd844472483e0da3f765d3622f459c9c32b88506.tar.gz freebsd-ports-gnome-dd844472483e0da3f765d3622f459c9c32b88506.tar.zst freebsd-ports-gnome-dd844472483e0da3f765d3622f459c9c32b88506.zip |
- Security fix.
CAN-2004-0493 - memory exhaustion denial of service
http://www.freebsd.org/ports/portaudit/81a8c9c2-c94f-11d8-8898-000d6111a684.html
Noticed by: eik
Obtained from: apache CVS
Diffstat (limited to 'www/apache20')
-rw-r--r-- | www/apache20/Makefile | 2 | ||||
-rw-r--r-- | www/apache20/files/patch-server:protocol.c | 32 |
2 files changed, 33 insertions, 1 deletions
diff --git a/www/apache20/Makefile b/www/apache20/Makefile index 54c9a1b8f766..f9a76626224a 100644 --- a/www/apache20/Makefile +++ b/www/apache20/Makefile @@ -9,7 +9,7 @@ PORTNAME= apache PORTVERSION= 2.0.49 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo diff --git a/www/apache20/files/patch-server:protocol.c b/www/apache20/files/patch-server:protocol.c new file mode 100644 index 000000000000..96cd559e63d8 --- /dev/null +++ b/www/apache20/files/patch-server:protocol.c @@ -0,0 +1,32 @@ +=================================================================== +RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v +retrieving revision 1.121.2.18 +retrieving revision 1.121.2.19 +diff -u -r1.121.2.18 -r1.121.2.19 +--- server/protocol.c 2004/06/11 20:46:41 1.121.2.18 ++++ server/protocol.c 2004/06/28 23:57:14 1.121.2.19 +@@ -719,6 +719,23 @@ + * continuations that span many many lines. + */ + apr_size_t fold_len = last_len + len + 1; /* trailing null */ ++ ++ if ((fold_len - 1) > r->server->limit_req_fieldsize) { ++ r->status = HTTP_BAD_REQUEST; ++ /* report what we have accumulated so far before the ++ * overflow (last_field) as the field with the problem ++ */ ++ apr_table_setn(r->notes, "error-notes", ++ apr_pstrcat(r->pool, ++ "Size of a request header field " ++ "after folding " ++ "exceeds server limit.<br />\n" ++ "<pre>\n", ++ ap_escape_html(r->pool, last_field), ++ "</pre>\n", NULL)); ++ return; ++ } ++ + if (fold_len > alloc_len) { + char *fold_buf; + alloc_len += alloc_len; + |