add the patch
parent
f4ab78ec9b
commit
f41c7d30f5
1 changed files with 35 additions and 0 deletions
35
www/libproxy/patches/patch-CVE-2012-4505
Normal file
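--- /dev/null
+++ b/www/libproxy/patches/patch-CVE-2012-4505
@@ -0,0 +1,35 @@
+$NetBSD: patch-CVE-2012-4505,v 1.1 2012/11/23 16:41:01 drochner Exp $
+
+see https://bugzilla.redhat.com/show_bug.cgi?id=864612
+
+--- src/lib/pac.c.orig 2009-09-29 19:52:50.000000000 +0000
++++ src/lib/pac.c
+@@ -35,6 +35,9 @@
+
+#define PAC_MIME_TYPE "application/x-ns-proxy-autoconfig"
+
++// This is the maximum pac size (to avoid memory attacks)
++#define PAC_MAX_SIZE 102400
++
+/**
+* ProxyAutoConfig object. All fields are private.
+*/
+@@ -159,12 +162,15 @@ px_pac_reload(pxPAC *self)
+}
+
+/* Get content */
+- if (!content_length || !correct_mime_type) goto error;
++ if (content_length == 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;
+px_free(line); line = NULL;
+px_free(self->cache);
+self->cache = px_malloc0(content_length+1);
+- for (int recvd=0 ; recvd != content_length ; )
+- recvd += recv(sock, self->cache + recvd, content_length - recvd, 0);
++ for (int recvd=0 ; recvd != content_length ; ) {
++ int r = recv(sock, self->cache + recvd, content_length - recvd, 0);
++ if (r <= 0) goto error;
++ recvd += r;
++ }
+}
+else
+{ /* file:// url */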
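Review bot: The new size guard in the second inner hunk, `content_length == 0 || content_length > PAC_MAX_SIZE`, bounds the value only at zero and from above; `content_length` is declared outside the lines shown, and if it has a signed type a negative Content-Length would pass both tests and reach `px_malloc0(content_length+1)` and the `recv` length argument. Writing the guard as `if (content_length <= 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;` is safe for either signedness. Separately, the added `if (r <= 0) goto error;` leaves `self->cache` pointing at a partially filled buffer; unless the `error:` label (not visible here) releases it, put `px_free(self->cache); self->cache = NULL;` before the jump so a truncated PAC is never evaluated later. The body of px_pac_reload starts and ends outside the hunk.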