diff options
author | clement <clement@FreeBSD.org> | 2004-08-19 03:40:07 +0800 |
---|---|---|
committer | clement <clement@FreeBSD.org> | 2004-08-19 03:40:07 +0800 |
commit | 49f92a1a1ecdc9ae485e91f16c5968cb42472124 (patch) | |
tree | 15cec36757863beb9abe88a30ef8477a0846a44c /www | |
parent | f9f546567af2b1c06eeb6c83dcc0667d0ea32298 (diff) | |
download | freebsd-ports-gnome-49f92a1a1ecdc9ae485e91f16c5968cb42472124.tar.gz freebsd-ports-gnome-49f92a1a1ecdc9ae485e91f16c5968cb42472124.tar.zst freebsd-ports-gnome-49f92a1a1ecdc9ae485e91f16c5968cb42472124.zip |
- Backport security fixes in ssl_engine_io.c
* [SECURITY] mod_ssl: Fix potential input filter segfaults in
SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
"This issue has possible security implications; it's been assigned CVE
CAN-2004-0751 (cve.mitre.org)."
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
* [SECURITY] mod_ssl: Fix potential infinite loop.
(potential infinite loop in ssl_io_input_getline if connection is
aborted without inctx->rc being set.)
http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
http://issues.apache.org/bugzilla/show_bug.cgi?id=29690
Obtained from: Apache CVS (httpd-2.0 HEAD)
Diffstat (limited to 'www')
-rw-r--r-- | www/apache2/Makefile | 2 | ||||
-rw-r--r-- | www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c | 34 | ||||
-rw-r--r-- | www/apache20/Makefile | 2 | ||||
-rw-r--r-- | www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c | 34 |
4 files changed, 70 insertions, 2 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 156efc00b756..e8f6087e5573 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -9,7 +9,7 @@ PORTNAME= apache PORTVERSION= 2.0.50 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo diff --git a/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c b/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c new file mode 100644 index 000000000000..f29cfd5aed4d --- /dev/null +++ b/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c @@ -0,0 +1,34 @@ +=================================================================== +RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v +retrieving revision 1.124 +retrieving revision 1.126 +diff -u -r1.124 -r1.126 +--- modules/ssl/ssl_engine_io.c 2004/07/13 18:11:22 1.124 ++++ modules/ssl/ssl_engine_io.c 2004/08/17 16:31:23 1.126 +@@ -564,8 +564,12 @@ + *len = bytes; + if (inctx->mode == AP_MODE_SPECULATIVE) { + /* We want to rollback this read. */ +- inctx->cbuf.value -= bytes; +- inctx->cbuf.length += bytes; ++ if (inctx->cbuf.length > 0) { ++ inctx->cbuf.value -= bytes; ++ inctx->cbuf.length += bytes; ++ } else { ++ char_buffer_write(&inctx->cbuf, buf, (int)bytes); ++ } + return APR_SUCCESS; + } + /* This could probably be *len == wanted, but be safe from stray +@@ -589,6 +593,10 @@ + while (1) { + + if (!inctx->filter_ctx->pssl) { ++ /* Ensure a non-zero error code is returned */ ++ if (inctx->rc == APR_SUCCESS) { ++ inctx->rc = APR_EGENERAL; ++ } + break; + } + + diff --git a/www/apache20/Makefile b/www/apache20/Makefile index 156efc00b756..e8f6087e5573 100644 --- a/www/apache20/Makefile +++ b/www/apache20/Makefile @@ -9,7 +9,7 @@ PORTNAME= apache PORTVERSION= 2.0.50 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo diff --git a/www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c b/www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c new file mode 100644 index 000000000000..f29cfd5aed4d --- /dev/null +++ b/www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c @@ -0,0 +1,34 @@ +=================================================================== +RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v +retrieving revision 1.124 +retrieving revision 1.126 +diff -u -r1.124 -r1.126 +--- modules/ssl/ssl_engine_io.c 2004/07/13 18:11:22 1.124 ++++ modules/ssl/ssl_engine_io.c 2004/08/17 16:31:23 1.126 +@@ -564,8 +564,12 @@ + *len = bytes; + if (inctx->mode == AP_MODE_SPECULATIVE) { + /* We want to rollback this read. */ +- inctx->cbuf.value -= bytes; +- inctx->cbuf.length += bytes; ++ if (inctx->cbuf.length > 0) { ++ inctx->cbuf.value -= bytes; ++ inctx->cbuf.length += bytes; ++ } else { ++ char_buffer_write(&inctx->cbuf, buf, (int)bytes); ++ } + return APR_SUCCESS; + } + /* This could probably be *len == wanted, but be safe from stray +@@ -589,6 +593,10 @@ + while (1) { + + if (!inctx->filter_ctx->pssl) { ++ /* Ensure a non-zero error code is returned */ ++ if (inctx->rc == APR_SUCCESS) { ++ inctx->rc = APR_EGENERAL; ++ } + break; + } + + |