aboutsummaryrefslogtreecommitdiffstats
path: root/www/hiawatha
diff options
context:
space:
mode:
authorglarkin <glarkin@FreeBSD.org>2011-03-18 01:45:41 +0800
committerglarkin <glarkin@FreeBSD.org>2011-03-18 01:45:41 +0800
commit37e1bf4e861f0e21d5fc618df6d3cec52fb42c6a (patch)
tree10ba2b57ee8515729e81165b64ffa250f2fe0d87 /www/hiawatha
parent0874aa5aea06d0f76871b19f6b117a500c3765b6 (diff)
downloadfreebsd-ports-gnome-37e1bf4e861f0e21d5fc618df6d3cec52fb42c6a.tar.gz
freebsd-ports-gnome-37e1bf4e861f0e21d5fc618df6d3cec52fb42c6a.tar.zst
freebsd-ports-gnome-37e1bf4e861f0e21d5fc618df6d3cec52fb42c6a.zip
- Added patch to circumvent integer overflow in Content-Length header
parsing, until new upstream package is released. PR: ports/155027 Submitted by: C-S <c-s@c-s.li> Security: b13414c9-50ba-11e0-975a-000c29cc39d3 Security: http://www.hiawatha-webserver.org/weblog/16 Security: http://secunia.com/advisories/43660/
Diffstat (limited to 'www/hiawatha')
-rw-r--r--www/hiawatha/Makefile1
-rw-r--r--www/hiawatha/files/patch-hiawatha.c19
2 files changed, 20 insertions, 0 deletions
diff --git a/www/hiawatha/Makefile b/www/hiawatha/Makefile
index 82a17c989d02..deb5cc5c553a 100644
--- a/www/hiawatha/Makefile
+++ b/www/hiawatha/Makefile
@@ -7,6 +7,7 @@
PORTNAME= hiawatha
PORTVERSION= 7.4
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://www.hiawatha-webserver.org/files/ \
http://www.c-s.li/ports/
diff --git a/www/hiawatha/files/patch-hiawatha.c b/www/hiawatha/files/patch-hiawatha.c
new file mode 100644
index 000000000000..c6c00ed61877
--- /dev/null
+++ b/www/hiawatha/files/patch-hiawatha.c
@@ -0,0 +1,19 @@
+--- ./hiawatha.c.orig 2010-11-02 17:03:24.000000000 -0400
++++ ./hiawatha.c 2011-02-25 16:41:31.000000000 -0500
+@@ -34,6 +34,7 @@
+ #include <sys/wait.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
++#include <limits.h>
+ #include "alternative.h"
+ #include "mimetype.h"
+ #include "serverconfig.h"
+@@ -418,7 +419,7 @@
+ *strend = '\0';
+ content_length = str2int(strstart);
+ *strend = '\r';
+- if (content_length < 0) {
++ if ((content_length < 0) || (INT_MAX - content_length - 2 <= header_length)) {
+ result = 400;
+ break;
+ }