author | Arno Töll <arno@debian.org> | 2012-11-22 00:22:27 +0100 |
---|---|---|
committer | Arno Töll <arno@debian.org> | 2012-11-22 00:22:27 +0100 |
commit | 319c2099e1d0cee607d453951c53014c3203c087 (patch) | |
tree | d3a8015cbc1f03c7d520e395ebe45731357495ed | |
parent | fe77617887e7088009a30937542d0a6a55a4a398 (diff) | |
download | lighttpd-319c2099e1d0cee607d453951c53014c3203c087.tar.gz |
Update to 1.3.32; drop patch merged
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/patches/connection-dos.patch | 112 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 4 insertions, 115 deletions
diff --git a/debian/changelog b/debian/changelog
index a77da66..10f9452 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,11 @@
-lighttpd (1.4.31-4) UNRELEASED; urgency=low
+lighttpd (1.4.32-1) UNRELEASED; urgency=low
+ * New upstream release
 * Switch VCS to git
 * Push standards version (no changes)
+ * Drop the connection-dos.patch - merged upstream.
- -- Arno Töll <arno@debian.org> Wed, 21 Nov 2012 23:13:23 +0100
+ -- Arno Töll <arno@debian.org> Thu, 22 Nov 2012 00:19:05 +0100
 lighttpd (1.4.31-3) unstable; urgency=high
diff --git a/debian/patches/connection-dos.patch b/debian/patches/connection-dos.patch
deleted file mode 100644
index 72d03f7..0000000
--- a/debian/patches/connection-dos.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From: Stefan Bühler <stbuehler@web.de>
-Subject: Fix DoS in header value split (CVE-2012-5533)
-
-Fix DoS in header value split (reported by Jesse Sipprell; CVE-2012-5533)
-
-Any client which is able to connect to lighttpd can cause a DoS by sending
-"strange" Connection headers, for example: "Connection: TE,,Keep-Alive". This
-patch fixes the issue.
---- a/src/request.c
-+++ b/src/request.c
-@@ -209,9 +209,11 @@
- #endif
-
- static int http_request_split_value(array *vals, buffer *b) {
-- char *s;
- size_t i;
- int state = 0;
-+
-+ const char *current;
-+ const char *token_start = NULL, *token_end = NULL;
- /*
- * parse
- *
-@@ -222,53 +224,52 @@
-
- if (b->used == 0) return 0;
-
-- s = b->ptr;
--
-- for (i =0; i < b->used - 1; ) {
-- char *start = NULL, *end = NULL;
-+ current = b->ptr;
-+ for (i = 0; i < b->used; ++i, ++current) {
- data_string *ds;
-
- switch (state) {
-- case 0: /* ws */
--
-- /* skip ws */
-- for (; (*s == ' ' || *s == '\t') && i < b->used - 1; i++, s++);
--
--
-- state = 1;
-- break;
-- case 1: /* value */
-- start = s;
--
-- for (; *s != ',' && i < b->used - 1; i++, s++);
-- if (start == s) break; /* empty fields are skipped */
-- end = s - 1;
--
-- for (; end > start && (*end == ' ' || *end == '\t'); end--);
-- if (start == end) break; /* empty fields are skipped */
--
-- if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) {
-- ds = data_string_init();
-+ case 0: /* find start of a token */
-+ switch (*current) {
-+ case ' ':
-+ case '\t': /* skip white space */
-+ case ',': /* skip empty token */
-+ break;
-+ case '\0': /* end of string */
-+ return 0;
-+ default:
-+ /* found real data, switch to state 1 to find the end of the token */
-+ token_start = token_end = current;
-+ state = 1;
-+ break;
- }
-+ break;
-+ case 1: /* find end of token and last non white space character */
-+ switch (*current) {
-+ case ' ':
-+ case '\t':
-+ /* space - don't update token_end */
-+ break;
-+ case ',':
-+ case '\0': /* end of string also marks the end of a token */
-+ if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) {
-+ ds = data_string_init();
-+ }
-
-- buffer_copy_string_len(ds->value, start, end-start+1);
-- array_insert_unique(vals, (data_unset *)ds);
-+ buffer_copy_string_len(ds->value, token_start, token_end-token_start+1);
-+ array_insert_unique(vals, (data_unset *)ds);
-
-- if (*s == ',') {
- state = 0;
-- i++;
-- s++;
-- } else {
-- /* end of string */
--
-- state = 2;
-+ break;
-+ default:
-+ /* no white space, update token_end to include current character */
-+ token_end = current;
-+ break;
- }
- break;
-- default:
-- i++;
-- break;
- }
- }
-+
- return 0;
- }
-
diff --git a/debian/patches/series b/debian/patches/series
index b2d0c0c..e69de29 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +0,0 @@
-connection-dos.patch
|