diff options
| author | ultima <ultima@FreeBSD.org> | 2019-09-02 06:48:46 +0800 |
|---|---|---|
| committer | ultima <ultima@FreeBSD.org> | 2019-09-02 06:48:46 +0800 |
| commit | fb6320a88545a2961c01ef15c0ed37f7565665b0 (patch) | |
| tree | 80e6baccb741a3a83384d8aa9b19e5d9937894e4 /www | |
| parent | 57db2f9e2376898dd34bd38fff23759f01eaf895 (diff) | |
| download | freebsd-ports-gnome-fb6320a88545a2961c01ef15c0ed37f7565665b0.tar.gz freebsd-ports-gnome-fb6320a88545a2961c01ef15c0ed37f7565665b0.tar.zst freebsd-ports-gnome-fb6320a88545a2961c01ef15c0ed37f7565665b0.zip | |
Fix stack overflow that can occur in libevhtp
libevhtp allocates a stack based on data length
when C99 is detected at compile time. There are
no checks to verify that the stack is big enough
which can cause a stack overflow.
Adding EVHTP_HAS_C99=false at compile time changes
this behavior by allocate to a buffer which has
proper checks in place.
More information about this bug can be found at:
https://github.com/criticalstack/libevhtp/issues/118
https://github.com/haiwen/seafile/issues/1928
MFH: 2019Q3
Diffstat (limited to 'www')
| -rw-r--r-- | www/libevhtp/Makefile | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/www/libevhtp/Makefile b/www/libevhtp/Makefile index 21ed6901e71e..261061850e72 100644 --- a/www/libevhtp/Makefile +++ b/www/libevhtp/Makefile @@ -2,7 +2,7 @@ PORTNAME= libevhtp PORTVERSION= 1.2.16 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= www MAINTAINER= ultima@FreeBSD.org @@ -19,7 +19,8 @@ USE_GITHUB= yes GH_ACCOUNT= criticalstack CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \ - -DCMAKE_LIBRARY_PATH:PATH=lib/event2 + -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \ + -DEVHTP_HAS_C99:BOOL=FALSE PLIST_SUB= PORTVERSION=${PORTVERSION} |