aboutsummaryrefslogtreecommitdiffstats
path: root/www
diff options
context:
space:
mode:
authorclement <clement@FreeBSD.org>2004-08-19 03:40:07 +0800
committerclement <clement@FreeBSD.org>2004-08-19 03:40:07 +0800
commit49f92a1a1ecdc9ae485e91f16c5968cb42472124 (patch)
tree15cec36757863beb9abe88a30ef8477a0846a44c /www
parentf9f546567af2b1c06eeb6c83dcc0667d0ea32298 (diff)
downloadfreebsd-ports-gnome-49f92a1a1ecdc9ae485e91f16c5968cb42472124.tar.gz
freebsd-ports-gnome-49f92a1a1ecdc9ae485e91f16c5968cb42472124.tar.zst
freebsd-ports-gnome-49f92a1a1ecdc9ae485e91f16c5968cb42472124.zip
- Backport security fixes in ssl_engine_io.c
* [SECURITY] mod_ssl: Fix potential input filter segfaults in SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE) "This issue has possible security implications; it's been assigned CVE CAN-2004-0751 (cve.mitre.org)." http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 * [SECURITY] mod_ssl: Fix potential infinite loop. (potential infinite loop in ssl_io_input_getline if connection is aborted without inctx->rc being set.) http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690 Obtained from: Apache CVS (httpd-2.0 HEAD)
Diffstat (limited to 'www')
-rw-r--r--www/apache2/Makefile2
-rw-r--r--www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c34
-rw-r--r--www/apache20/Makefile2
-rw-r--r--www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c34
4 files changed, 70 insertions, 2 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 156efc00b756..e8f6087e5573 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -9,7 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.0.50
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo
diff --git a/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c b/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c
new file mode 100644
index 000000000000..f29cfd5aed4d
--- /dev/null
+++ b/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c
@@ -0,0 +1,34 @@
+===================================================================
+RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v
+retrieving revision 1.124
+retrieving revision 1.126
+diff -u -r1.124 -r1.126
+--- modules/ssl/ssl_engine_io.c 2004/07/13 18:11:22 1.124
++++ modules/ssl/ssl_engine_io.c 2004/08/17 16:31:23 1.126
+@@ -564,8 +564,12 @@
+ *len = bytes;
+ if (inctx->mode == AP_MODE_SPECULATIVE) {
+ /* We want to rollback this read. */
+- inctx->cbuf.value -= bytes;
+- inctx->cbuf.length += bytes;
++ if (inctx->cbuf.length > 0) {
++ inctx->cbuf.value -= bytes;
++ inctx->cbuf.length += bytes;
++ } else {
++ char_buffer_write(&inctx->cbuf, buf, (int)bytes);
++ }
+ return APR_SUCCESS;
+ }
+ /* This could probably be *len == wanted, but be safe from stray
+@@ -589,6 +593,10 @@
+ while (1) {
+
+ if (!inctx->filter_ctx->pssl) {
++ /* Ensure a non-zero error code is returned */
++ if (inctx->rc == APR_SUCCESS) {
++ inctx->rc = APR_EGENERAL;
++ }
+ break;
+ }
+
+
diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 156efc00b756..e8f6087e5573 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,7 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.0.50
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo
diff --git a/www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c b/www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c
new file mode 100644
index 000000000000..f29cfd5aed4d
--- /dev/null
+++ b/www/apache20/files/patch-secfix-modules:ssl:ssl_engine_io.c
@@ -0,0 +1,34 @@
+===================================================================
+RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v
+retrieving revision 1.124
+retrieving revision 1.126
+diff -u -r1.124 -r1.126
+--- modules/ssl/ssl_engine_io.c 2004/07/13 18:11:22 1.124
++++ modules/ssl/ssl_engine_io.c 2004/08/17 16:31:23 1.126
+@@ -564,8 +564,12 @@
+ *len = bytes;
+ if (inctx->mode == AP_MODE_SPECULATIVE) {
+ /* We want to rollback this read. */
+- inctx->cbuf.value -= bytes;
+- inctx->cbuf.length += bytes;
++ if (inctx->cbuf.length > 0) {
++ inctx->cbuf.value -= bytes;
++ inctx->cbuf.length += bytes;
++ } else {
++ char_buffer_write(&inctx->cbuf, buf, (int)bytes);
++ }
+ return APR_SUCCESS;
+ }
+ /* This could probably be *len == wanted, but be safe from stray
+@@ -589,6 +593,10 @@
+ while (1) {
+
+ if (!inctx->filter_ctx->pssl) {
++ /* Ensure a non-zero error code is returned */
++ if (inctx->rc == APR_SUCCESS) {
++ inctx->rc = APR_EGENERAL;
++ }
+ break;
+ }
+
+