add the patch

1 files changed, 35 insertions, 0 deletions

diff --git a/www/libproxy/patches/patch-CVE-2012-4505 b/www/libproxy/patches/patch-CVE-2012-4505
new file mode 100644
index 00000000000..b0adadae707
--- /dev/null
+++ b/www/libproxy/patches/patch-CVE-2012-4505
@@ -0,0 +1,35 @@
+$NetBSD: patch-CVE-2012-4505,v 1.1 2012/11/23 16:41:01 drochner Exp $
+
+see https://bugzilla.redhat.com/show_bug.cgi?id=864612
+
+--- src/lib/pac.c.orig	2009-09-29 19:52:50.000000000 +0000
++++ src/lib/pac.c
+@@ -35,6 +35,9 @@
+ 
+ #define PAC_MIME_TYPE "application/x-ns-proxy-autoconfig"
+ 
++// This is the maximum pac size (to avoid memory attacks)
++#define PAC_MAX_SIZE 102400
++
+ /**
+  * ProxyAutoConfig object.  All fields are private.
+  */
+@@ -159,12 +162,15 @@ px_pac_reload(pxPAC *self)
+ 		}
+ 
+ 		/* Get content */
+-		if (!content_length || !correct_mime_type) goto error;
++		if (content_length == 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;
+ 		px_free(line); line = NULL;
+ 		px_free(self->cache);
+ 		self->cache = px_malloc0(content_length+1);
+-		for (int recvd=0 ; recvd != content_length ; )
+-			recvd += recv(sock, self->cache + recvd, content_length - recvd, 0);
++		for (int recvd=0 ; recvd != content_length ; ) {
++			int r = recv(sock, self->cache + recvd, content_length - recvd, 0);
++			if (r <= 0) goto error;
++			recvd += r;
++		}
+ 	}
+ 	else
+ 	{ /* file:// url */