author | drochner <drochner> | 2012-11-23 16:41:01 +0000 |
---|---|---|
committer | drochner <drochner> | 2012-11-23 16:41:01 +0000 |
commit | 10a5012aed1c8c0ff5915f0bc6b1dc1d12692319 (patch) | |
tree | ac4d7734e6513484f3782be5158ebf39b863ca60 /www/libproxy | |
parent | 28c87164caae96aec04a5a16bb05f003da55a0e6 (diff) | |
download | pkgsrc-10a5012aed1c8c0ff5915f0bc6b1dc1d12692319.tar.gz |
add the patch
Diffstat (limited to 'www/libproxy')
-rw-r--r-- | www/libproxy/patches/patch-CVE-2012-4505 | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/www/libproxy/patches/patch-CVE-2012-4505 b/www/libproxy/patches/patch-CVE-2012-4505
new file mode 100644
index 00000000000..b0adadae707
--- /dev/null
+++ b/www/libproxy/patches/patch-CVE-2012-4505
@@ -0,0 +1,35 @@
+$NetBSD: patch-CVE-2012-4505,v 1.1 2012/11/23 16:41:01 drochner Exp $
+
+see https://bugzilla.redhat.com/show_bug.cgi?id=864612
+
+--- src/lib/pac.c.orig 2009-09-29 19:52:50.000000000 +0000
++++ src/lib/pac.c
+@@ -35,6 +35,9 @@
+
+ #define PAC_MIME_TYPE "application/x-ns-proxy-autoconfig"
+
++// This is the maximum pac size (to avoid memory attacks)
++#define PAC_MAX_SIZE 102400
++
+ /**
+ * ProxyAutoConfig object. All fields are private.
+ */
+@@ -159,12 +162,15 @@ px_pac_reload(pxPAC *self)
+ }
+
+ /* Get content */
+- if (!content_length || !correct_mime_type) goto error;
++ if (content_length == 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;
+ px_free(line); line = NULL;
+ px_free(self->cache);
+ self->cache = px_malloc0(content_length+1);
+- for (int recvd=0 ; recvd != content_length ; )
+- recvd += recv(sock, self->cache + recvd, content_length - recvd, 0);
++ for (int recvd=0 ; recvd != content_length ; ) {
++ int r = recv(sock, self->cache + recvd, content_length - recvd, 0);
++ if (r <= 0) goto error;
++ recvd += r;
++ }
+ }
+ else
+ { /* file:// url */ |
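Review bot: The new size bound in px_pac_reload only holds if content_length is unsigned, and its declaration is outside this hunk. If it is a signed type, a negative Content-Length passes both `content_length == 0` and `content_length > PAC_MAX_SIZE` and then flows into `px_malloc0(content_length+1)` and the recv length; writing the guard as `if (content_length <= 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;` covers either case. Separately, when `if (r <= 0) goto error;` fires, self->cache already points at the new, partly filled buffer. The error label is not visible here, so confirm it frees and clears self->cache rather than leaving a truncated PAC for later use. The function body starts and ends outside the hunk.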