From 156e00540a51d80c1cadb44d6bbb006a9e2378cc Mon Sep 17 00:00:00 2001 From: taca Date: Mon, 17 Dec 2012 13:36:21 +0000 Subject: Add a patch for SQUID-2012_1.txt. Bump PKGREVISION. --- www/squid27/Makefile | 4 +- www/squid27/distinfo | 3 +- www/squid27/patches/patch-tools_cachemgr.c | 127 +++++++++++++++++++++++++++++ 3 files changed, 131 insertions(+), 3 deletions(-) create mode 100644 www/squid27/patches/patch-tools_cachemgr.c (limited to 'www') diff --git a/www/squid27/Makefile b/www/squid27/Makefile index 088298d87d6..3aa3e9bef38 100644 --- a/www/squid27/Makefile +++ b/www/squid27/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.19 2012/12/16 01:52:39 obache Exp $ +# $NetBSD: Makefile,v 1.20 2012/12/17 13:36:21 taca Exp $ DISTNAME= squid-2.7.STABLE9 -PKGREVISION= 4 +PKGREVISION= 5 PKGNAME= ${DISTNAME:S/STABLE//} CATEGORIES= www diff --git a/www/squid27/distinfo b/www/squid27/distinfo index bf9f371ad42..01dcf7b7966 100644 --- a/www/squid27/distinfo +++ b/www/squid27/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.13 2012/11/19 03:02:50 joerg Exp $ +$NetBSD: distinfo,v 1.14 2012/12/17 13:36:21 taca Exp $ SHA1 (squid-2.7.STABLE9.tar.bz2) = bd389da9b74fd338e358f6b3f83bd3a1ed4d4f6f RMD160 (squid-2.7.STABLE9.tar.bz2) = bfa7c3dc3ede68646603f3379de35f44d7d8e97d @@ -16,3 +16,4 @@ SHA1 (patch-aj) = c5c7cd10a63a5066eee63988775f71758ed5463e SHA1 (patch-ak) = 64c858cc1167ad4a62ed20948ce1c1d844ecae22 SHA1 (patch-al) = a9e957a90dc6956e59668c297dd8566642baecff SHA1 (patch-am) = c31f27816578a05a909c4e64a646919d35e04c42 +SHA1 (patch-tools_cachemgr.c) = 788e1ccb44b5dccf22d7d7d8ded52c7ca87f5492 diff --git a/www/squid27/patches/patch-tools_cachemgr.c b/www/squid27/patches/patch-tools_cachemgr.c new file mode 100644 index 00000000000..6b7695fe1a7 --- /dev/null +++ b/www/squid27/patches/patch-tools_cachemgr.c @@ -0,0 +1,127 @@ +$NetBSD: patch-tools_cachemgr.c,v 1.1 2012/12/17 13:36:21 taca Exp $ + +Trying to handle http://www.squid-cache.org/Advisories/SQUID-2012_1.txt. + +--- tools/cachemgr.c.orig 2008-06-24 22:55:11.000000000 +0000 ++++ tools/cachemgr.c +@@ -509,12 +509,15 @@ munge_action_line(const char *_buf, cach + if ((p = strchr(x, '\n'))) + *p = '\0'; + action = xstrtok(&x, '\t'); ++ if (!action) { ++ xfree(buf); ++ return ""; ++ } + description = xstrtok(&x, '\t'); + if (!description) + description = action; +- if (!action) +- return ""; + snprintf(html, sizeof(html), " %s", menu_url(req, action), description); ++ xfree(buf); + return html; + } + +@@ -715,6 +718,7 @@ process_request(cachemgr_request * req) + if (connect(s, (struct sockaddr *) &S, sizeof(struct sockaddr_in)) < 0) { + snprintf(buf, 1024, "connect: %s\n", xstrerror()); + error_html(buf); ++ close(s); + return 1; + } + l = snprintf(buf, sizeof(buf), +@@ -765,18 +769,43 @@ read_post_request(void) + { + char *s; + char *buf; +- int len; ++ char *endptr; ++ uint64_t len; ++ size_t bufLen, readLen; ++ + if ((s = getenv("REQUEST_METHOD")) == NULL) + return NULL; + if (0 != strcasecmp(s, "POST")) + return NULL; + if ((s = getenv("CONTENT_LENGTH")) == NULL) + return NULL; +- if ((len = atoi(s)) <= 0) ++ if (*s == '-') // negative length content huh? ++ return NULL; ++ ++ endptr = s+ strlen(s); ++ if ((len = strtoll(s, &endptr, 10)) <= 0) + return NULL; +- buf = xmalloc(len + 1); +- fread(buf, len, 1, stdin); +- buf[len] = '\0'; ++ ++ // limit the input to something reasonable. ++ // 4KB should be enough for the GET/POST data length, but may be extended. ++ bufLen = (len >= 4096 ? len : 4095); ++ buf = (char *)xmalloc(bufLen + 1); ++ ++ readLen = fread(buf, bufLen, 1, stdin); ++ if (readLen == 0) { ++ xfree(buf); ++ return NULL; ++ } ++ buf[readLen] = '\0'; ++ len -= readLen; ++ ++ // purge the remainder of the request entity ++ while (len > 0) { ++ char temp[65535]; ++ readLen = fread(temp, 65535, 1, stdin); ++ len -= readLen; ++ } ++ + return buf; + } + +@@ -886,26 +915,38 @@ decode_pub_auth(cachemgr_request * req) + buf = xstrdup(base64_decode(req->pub_auth)); + debug(3) fprintf(stderr, "cmgr: length ok\n"); + /* parse ( a lot of memory leaks, but that is cachemgr style :) */ +- if ((host_name = strtok(buf, "|")) == NULL) ++ if ((host_name = strtok(buf, "|")) == NULL) { ++ xfree(buf); + return; ++ } + debug(3) fprintf(stderr, "cmgr: decoded host: '%s'\n", host_name); +- if ((time_str = strtok(NULL, "|")) == NULL) ++ if ((time_str = strtok(NULL, "|")) == NULL) { ++ xfree(buf); + return; ++ } + debug(3) fprintf(stderr, "cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now); +- if ((user_name = strtok(NULL, "|")) == NULL) ++ if ((user_name = strtok(NULL, "|")) == NULL) { ++ xfree(buf); + return; ++ } + debug(3) fprintf(stderr, "cmgr: decoded uname: '%s'\n", user_name); +- if ((passwd = strtok(NULL, "|")) == NULL) ++ if ((passwd = strtok(NULL, "|")) == NULL) { ++ xfree(buf); + return; ++ } + debug(2) fprintf(stderr, "cmgr: decoded passwd: '%s'\n", passwd); + /* verify freshness and validity */ +- if (atoi(time_str) + passwd_ttl < now) ++ if (atoi(time_str) + passwd_ttl < now) { ++ xfree(buf); + return; +- if (strcasecmp(host_name, req->hostname)) ++ } ++ if (strcasecmp(host_name, req->hostname)) { ++ xfree(buf); + return; ++ } + debug(1) fprintf(stderr, "cmgr: verified auth. info.\n"); + /* ok, accept */ +- xfree(req->user_name); ++ safe_free(req->user_name); + req->user_name = xstrdup(user_name); + req->passwd = xstrdup(passwd); + xfree(buf); -- cgit v1.2.3