authorclement <clement@FreeBSD.org>2004-06-29 16:06:20 +0800
committerclement <clement@FreeBSD.org>2004-06-29 16:06:20 +0800
commitdd844472483e0da3f765d3622f459c9c32b88506 (patch)
treea5562dcac3df862f64f7844f2fb9b133273eb869 /www/apache20
parentde2235acaf2a0a5d526fe4ea7f4b22373d936c49 (diff)
- Security fix.
CAN-2004-0493 - memory exhaustion denial of service http://www.freebsd.org/ports/portaudit/81a8c9c2-c94f-11d8-8898-000d6111a684.html Noticed by: eik Obtained from: apache CVS
Diffstat (limited to 'www/apache20')
-rw-r--r--www/apache20/Makefile2
-rw-r--r--www/apache20/files/patch-server:protocol.c32
2 files changed, 33 insertions, 1 deletions
diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 54c9a1b8f766..f9a76626224a 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,7 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.0.49
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo
diff --git a/www/apache20/files/patch-server:protocol.c b/www/apache20/files/patch-server:protocol.c
new file mode 100644
index 000000000000..96cd559e63d8
--- /dev/null
+++ b/www/apache20/files/patch-server:protocol.c
@@ -0,0 +1,32 @@
+===================================================================
+RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v
+retrieving revision 1.121.2.18
+retrieving revision 1.121.2.19
+diff -u -r1.121.2.18 -r1.121.2.19
+--- server/protocol.c 2004/06/11 20:46:41 1.121.2.18
++++ server/protocol.c 2004/06/28 23:57:14 1.121.2.19
+@@ -719,6 +719,23 @@
+ * continuations that span many many lines.
+ */
+ apr_size_t fold_len = last_len + len + 1; /* trailing null */
++
++ if ((fold_len - 1) > r->server->limit_req_fieldsize) {
++ r->status = HTTP_BAD_REQUEST;
++ /* report what we have accumulated so far before the
++ * overflow (last_field) as the field with the problem
++ */
++ apr_table_setn(r->notes, "error-notes",
++ apr_pstrcat(r->pool,
++ "Size of a request header field "
++ "after folding "
++ "exceeds server limit.<br />\n"
++ "<pre>\n",
++ ap_escape_html(r->pool, last_field),
++ "</pre>\n", NULL));
++ return;
++ }
++
+ if (fold_len > alloc_len) {
+ char *fold_buf;
+ alloc_len += alloc_len;
+
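Review bot: The added guard compares `fold_len - 1` (an `apr_size_t`) with `r->server->limit_req_fieldsize`, whose declaration is outside the hunk; if that field is a signed int it is converted to unsigned for the comparison, and a negative value would make the limit effectively unlimited, so it is worth confirming that the configuration parser rejects negative values. The guard would also benefit from a comment stating the bound it enforces, e.g. `/* folded field, excluding the trailing NUL, must fit in limit_req_fieldsize; stops continuation lines growing fold_buf without bound (CAN-2004-0493) */`. The branch returns with only `r->status` and the `error-notes` entry set, so whether the rejection reaches the error log depends on the caller, which is not visible here. The enclosing function starts and ends outside the hunk.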