-rw-r--r--www/tinyproxy/Makefile3
-rw-r--r--www/tinyproxy/distinfo5
-rw-r--r--www/tinyproxy/patches/patch-src_child.c24
-rw-r--r--www/tinyproxy/patches/patch-src_hashmap.c85
-rw-r--r--www/tinyproxy/patches/patch-src_reqs.c48
5 files changed, 163 insertions, 2 deletions
diff --git a/www/tinyproxy/Makefile b/www/tinyproxy/Makefile
index 987397539ba..4231c3d4f50 100644
--- a/www/tinyproxy/Makefile
+++ b/www/tinyproxy/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2012/12/12 13:01:23 wiz Exp $
+# $NetBSD: Makefile,v 1.30 2012/12/13 09:01:26 wiz Exp $
#
DISTNAME= tinyproxy-1.8.3
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tinyproxy/}
diff --git a/www/tinyproxy/distinfo b/www/tinyproxy/distinfo
index 815f863fa9b..5aa2c22902c 100644
--- a/www/tinyproxy/distinfo
+++ b/www/tinyproxy/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2012/12/12 13:01:23 wiz Exp $
+$NetBSD: distinfo,v 1.8 2012/12/13 09:01:26 wiz Exp $
SHA1 (tinyproxy-1.8.3.tar.gz) = ebf4bda60ff2d0fdf1846467f07b3bbd9ef90faf
RMD160 (tinyproxy-1.8.3.tar.gz) = 41cae4c8fcc99650a76d7bed52a379a9dd0faef0
@@ -6,3 +6,6 @@ Size (tinyproxy-1.8.3.tar.gz) = 266744 bytes
SHA1 (patch-docs_man5_tinyproxy.conf.txt.in) = 1641f7c44ce84f2ebac6e945760af3ba77976f31
SHA1 (patch-docs_man8_tinyproxy.txt.in) = 12c43d0f874a8794cbe8da7c702e406e8b10a99b
SHA1 (patch-etc_Makefile.in) = 34ab3402bf11be5d2c1521f8ca0254ecbf19fc3c
+SHA1 (patch-src_child.c) = 2263f1aa7edbc31a7b31343487afa4be4fb30405
+SHA1 (patch-src_hashmap.c) = 92234430d31cd97620038a268ffd813344b262ba
+SHA1 (patch-src_reqs.c) = 9a1186ab9ebe71009384ec12aa56aff86f3a1007
diff --git a/www/tinyproxy/patches/patch-src_child.c b/www/tinyproxy/patches/patch-src_child.c
new file mode 100644
index 00000000000..f1ed2d06fd4
--- /dev/null
+++ b/www/tinyproxy/patches/patch-src_child.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_child.c,v 1.1 2012/12/13 09:01:26 wiz Exp $
+
+Fix CVE-2012-3505 using Debian patch.
+
+--- src/child.c.orig 2010-01-10 22:52:04.000000000 +0000
++++ src/child.c
+@@ -20,6 +20,9 @@
+ * processing incoming connections.
+ */
+
++#include <stdlib.h>
++#include <time.h>
++
+ #include "main.h"
+
+ #include "child.h"
+@@ -196,6 +199,7 @@ static void child_main (struct child_s *
+ }
+
+ ptr->connects = 0;
++ srand(time(NULL));
+
+ while (!config.quit) {
+ ptr->status = T_WAITING;
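Review bot: The seed passed at the added `srand(time(NULL));` line is the current second, so every child started within the same second draws the same rand() sequence and the hashmap seed derived from it is guessable by anyone who can estimate when the proxy (re)started; the CVE-2012-3505 mitigation rests on that seed being unpredictable, so on platforms that provide it, seeding from `arc4random()` or from `/dev/urandom` would be the stronger choice, with `srand(time(NULL))` kept only as a fallback. The call is also placed inside child_main(), so if any hashmap is created earlier in the parent process (config parsing, for instance) it would, if such a path exists, be seeded from rand()'s default unseeded state — a comment such as `/* seed rand() for the per-hashmap seed in hashmap_create(); must run before any hashmap is created in this process */` would make that ordering requirement explicit. child_main's body begins and ends outside the hunk.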
diff --git a/www/tinyproxy/patches/patch-src_hashmap.c b/www/tinyproxy/patches/patch-src_hashmap.c
new file mode 100644
index 00000000000..6c6ca62ac67
--- /dev/null
+++ b/www/tinyproxy/patches/patch-src_hashmap.c
@@ -0,0 +1,85 @@
+$NetBSD: patch-src_hashmap.c,v 1.1 2012/12/13 09:01:26 wiz Exp $
+
+Fix CVE-2012-3505 using Debian patch.
+
+--- src/hashmap.c.orig 2010-01-25 18:24:01.000000000 +0000
++++ src/hashmap.c
+@@ -25,6 +25,8 @@
+ * don't try to free the data, or realloc the memory. :)
+ */
+
++#include <stdlib.h>
++
+ #include "main.h"
+
+ #include "hashmap.h"
+@@ -50,6 +52,7 @@ struct hashbucket_s {
+ };
+
+ struct hashmap_s {
++ uint32_t seed;
+ unsigned int size;
+ hashmap_iter end_iterator;
+
+@@ -65,7 +68,7 @@ struct hashmap_s {
+ *
+ * If any of the arguments are invalid a negative number is returned.
+ */
+-static int hashfunc (const char *key, unsigned int size)
++static int hashfunc (const char *key, unsigned int size, uint32_t seed)
+ {
+ uint32_t hash;
+
+@@ -74,7 +77,7 @@ static int hashfunc (const char *key, un
+ if (size == 0)
+ return -ERANGE;
+
+- for (hash = tolower (*key++); *key != '\0'; key++) {
++ for (hash = seed; *key != '\0'; key++) {
+ uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
+
+ hash >>= 1;
+@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n
+ if (!ptr)
+ return NULL;
+
++ ptr->seed = (uint32_t)rand();
+ ptr->size = nbuckets;
+ ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
+ sizeof (struct
+@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha
+ if (!data || len < 1)
+ return -ERANGE;
+
+- hash = hashfunc (key, map->size);
++ hash = hashfunc (key, map->size, map->seed);
+ if (hash < 0)
+ return hash;
+
+@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c
+ if (map == NULL || key == NULL)
+ return -EINVAL;
+
+- hash = hashfunc (key, map->size);
++ hash = hashfunc (key, map->size, map->seed);
+ if (hash < 0)
+ return hash;
+
+@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
+ if (!map || !key || !data)
+ return -EINVAL;
+
+- hash = hashfunc (key, map->size);
++ hash = hashfunc (key, map->size, map->seed);
+ if (hash < 0)
+ return hash;
+
+@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c
+ if (map == NULL || key == NULL)
+ return -EINVAL;
+
+- hash = hashfunc (key, map->size);
++ hash = hashfunc (key, map->size, map->seed);
+ if (hash < 0)
+ return hash;
+
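Review bot: The per-map seed at `ptr->seed = (uint32_t)rand();` is only as unpredictable as the rand() state, which the companion patch-src_child.c seeds from time(NULL), and rand() returns at most RAND_MAX (often 2^31-1 and permitted to be as small as 32767), so part of the 32-bit seed space is never used; a comment such as `/* seed quality depends on srand() having been called with an unpredictable value, see child.c */` would make that dependency visible to the next maintainer, and drawing the seed from a stronger source would strengthen the hash-flooding mitigation this patch exists for. The unchanged context line `uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;` evaluates to 1 << 3 rather than the top bit, so the rotate this loop appears to implement (shift right, then re-insert the dropped bit) only ever sets bit 3, which would let the seed and earlier characters decay out of the hash after a few iterations; that is pre-existing, but since this patch now relies on the seed surviving the mix, fixing it to `(UINT32_C(1) << 31)` in the same patch seems warranted. The rest of the hashfunc loop is outside the hunk, so the effect of the miscomputed bit is inferred rather than seen.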
diff --git a/www/tinyproxy/patches/patch-src_reqs.c b/www/tinyproxy/patches/patch-src_reqs.c
new file mode 100644
index 00000000000..34a8215176e
--- /dev/null
+++ b/www/tinyproxy/patches/patch-src_reqs.c
@@ -0,0 +1,48 @@
+$NetBSD: patch-src_reqs.c,v 1.1 2012/12/13 09:01:27 wiz Exp $
+
+Fix CVE-2012-3505 using Debian patch.
+
+--- src/reqs.c.orig 2011-02-07 12:31:03.000000000 +0000
++++ src/reqs.c
+@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
+ return hashmap_insert (hashofheaders, header, sep, len);
+ }
+
++/* define max number of headers. big enough to handle legitimate cases,
++ * but limited to avoid DoS
++ */
++#define MAX_HEADERS 10000
++
+ /*
+ * Read all the headers from the stream
+ */
+@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
+ {
+ char *line = NULL;
+ char *header = NULL;
++ int count;
+ char *tmp;
+ ssize_t linelen;
+ ssize_t len = 0;
+@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
+ assert (fd >= 0);
+ assert (hashofheaders != NULL);
+
+- for (;;) {
++ for (count = 0; count < MAX_HEADERS; count++) {
+ if ((linelen = readline (fd, &line)) <= 0) {
+ safefree (header);
+ safefree (line);
+@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
+
+ safefree (line);
+ }
++
++ /* if we get there, this is we reached MAX_HEADERS count.
++ bail out with error */
++ safefree (header);
++ safefree (line);
++ return -1;
+ }
+
+ /*
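Review bot: The bail-out added after the loop returns -1 without any diagnostic, so an operator cannot distinguish a client that sent more than MAX_HEADERS headers from an ordinary read failure; emitting a message through the logging call this file already uses, just before the `return -1;`, would make the condition detectable. The comment above it is garbled — `/* if we get there, this is we reached MAX_HEADERS count. bail out with error */` reads better as `/* Reaching here means count hit MAX_HEADERS without the header block ending; bail out with an error. */`. The trailing `safefree (line);` releases a pointer the last loop iteration already freed at its own `safefree (line);`, which is only safe if safefree() resets its argument to NULL — worth confirming against the macro's definition. The body of the `for (count = 0; count < MAX_HEADERS; count++)` loop is largely outside the hunk.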