Date: Thu, 16 Feb 2017 21:43:12 +0000 (UTC) From: Joseph Mingrone <jrm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r434257 - in head/www/obhttpd: . files Message-ID: <201702162143.v1GLhCMM038928@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jrm Date: Thu Feb 16 21:43:11 2017 New Revision: 434257 URL: https://svnweb.freebsd.org/changeset/ports/434257 Log: www/obhttpd: Apply OpenBSD errata from January 31st, 2017. Errata text: https://marc.info/?l=openbsd-announce&m=148604065924319&w=2 PR: 216752 Submitted by: t@tobik.me Approved by: swills (mentor, implicit) koue@chaosophia.net (maintainer) Added: head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c (contents, props changed) Modified: head/www/obhttpd/Makefile Modified: head/www/obhttpd/Makefile ============================================================================== --- head/www/obhttpd/Makefile Thu Feb 16 21:40:34 2017 (r434256) +++ head/www/obhttpd/Makefile Thu Feb 16 21:43:11 2017 (r434257) @@ -2,6 +2,7 @@ PORTNAME= obhttpd PORTVERSION= 6.0.20161006 +PORTREVISION= 1 CATEGORIES= www MAINTAINER= koue@chaosophia.net Added: head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c Thu Feb 16 21:43:11 2017 (r434257) @@ -0,0 +1,30 @@ +OpenBSD 6.0 errata 17, Jan 31, 2017 + +A bug in the processing of range headers in httpd can lead to memory +exhaustion. This patch disables range header processing. + +--- usr.sbin/httpd/server_file.c.orig 2016-10-17 10:49:16 UTC ++++ usr.sbin/httpd/server_file.c +@@ -66,7 +66,6 @@ server_file_access(struct httpd *env, st + struct http_descriptor *desc = clt->clt_descreq; + struct server_config *srv_conf = clt->clt_srv_conf; + struct stat st; +- struct kv *r, key; + char *newpath, *encodedpath; + int ret; + +@@ -146,13 +145,7 @@ server_file_access(struct httpd *env, st + goto fail; + } + +- key.kv_key = "Range"; +- r = kv_find(&desc->http_headers, &key); +- if (r != NULL) +- return (server_partial_file_request(env, clt, path, &st, +- r->kv_value)); +- else +- return (server_file_request(env, clt, path, &st)); ++ return (server_file_request(env, clt, path, &st)); + + fail: + switch (errno) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702162143.v1GLhCMM038928>