www/obhttpd: Apply OpenBSD errata from January 31st, 2017.

Errata text: https://marc.info/?l=openbsd-announce&m=148604065924319&w=2

PR:		216752
Submitted by:	t@tobik.me
Approved by:	swills (mentor, implicit) koue@chaosophia.net (maintainer)

2 files changed, 31 insertions, 0 deletions

diff --git a/www/obhttpd/Makefile b/www/obhttpd/Makefile
index 68a03e95fb06..5b3b89837651 100644
--- a/www/obhttpd/Makefile
+++ b/www/obhttpd/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	obhttpd
 PORTVERSION=	6.0.20161006
+PORTREVISION=	1
 CATEGORIES=	www
 
 MAINTAINER=	koue@chaosophia.net
diff --git a/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c b/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c
new file mode 100644
index 000000000000..0294db6dedee
--- /dev/null
+++ b/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c
@@ -0,0 +1,30 @@
+OpenBSD 6.0 errata 17, Jan 31, 2017
+
+A bug in the processing of range headers in httpd can lead to memory
+exhaustion. This patch disables range header processing.
+
+--- usr.sbin/httpd/server_file.c.orig	2016-10-17 10:49:16 UTC
++++ usr.sbin/httpd/server_file.c
+@@ -66,7 +66,6 @@ server_file_access(struct httpd *env, st
+ 	struct http_descriptor	*desc = clt->clt_descreq;
+ 	struct server_config	*srv_conf = clt->clt_srv_conf;
+ 	struct stat		 st;
+-	struct kv		*r, key;
+ 	char			*newpath, *encodedpath;
+ 	int			 ret;
+ 
+@@ -146,13 +145,7 @@ server_file_access(struct httpd *env, st
+ 		goto fail;
+ 	}
+ 
+-	key.kv_key = "Range";
+-	r = kv_find(&desc->http_headers, &key);
+-	if (r != NULL)
+-		return (server_partial_file_request(env, clt, path, &st,
+-		    r->kv_value));
+-	else
+-		return (server_file_request(env, clt, path, &st));
++	return (server_file_request(env, clt, path, &st));
+ 
+  fail:
+ 	switch (errno) {