svn commit: r434257 - in head/www/obhttpd: . files
Joseph Mingrone
jrm at FreeBSD.org
Thu Feb 16 21:43:13 UTC 2017
Author: jrm
Date: Thu Feb 16 21:43:11 2017
New Revision: 434257
URL: https://svnweb.freebsd.org/changeset/ports/434257
Log:
www/obhttpd: Apply OpenBSD errata from January 31st, 2017.
Errata text: https://marc.info/?l=openbsd-announce&m=148604065924319&w=2
PR: 216752
Submitted by: t at tobik.me
Approved by: swills (mentor, implicit) koue at chaosophia.net (maintainer)
Added:
head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c (contents, props changed)
Modified:
head/www/obhttpd/Makefile
Modified: head/www/obhttpd/Makefile
==============================================================================
--- head/www/obhttpd/Makefile Thu Feb 16 21:40:34 2017 (r434256)
+++ head/www/obhttpd/Makefile Thu Feb 16 21:43:11 2017 (r434257)
@@ -2,6 +2,7 @@
PORTNAME= obhttpd
PORTVERSION= 6.0.20161006
+PORTREVISION= 1
CATEGORIES= www
MAINTAINER= koue at chaosophia.net
Added: head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c Thu Feb 16 21:43:11 2017 (r434257)
@@ -0,0 +1,30 @@
+OpenBSD 6.0 errata 17, Jan 31, 2017
+
+A bug in the processing of range headers in httpd can lead to memory
+exhaustion. This patch disables range header processing.
+
+--- usr.sbin/httpd/server_file.c.orig 2016-10-17 10:49:16 UTC
++++ usr.sbin/httpd/server_file.c
+@@ -66,7 +66,6 @@ server_file_access(struct httpd *env, st
+ struct http_descriptor *desc = clt->clt_descreq;
+ struct server_config *srv_conf = clt->clt_srv_conf;
+ struct stat st;
+- struct kv *r, key;
+ char *newpath, *encodedpath;
+ int ret;
+
+@@ -146,13 +145,7 @@ server_file_access(struct httpd *env, st
+ goto fail;
+ }
+
+- key.kv_key = "Range";
+- r = kv_find(&desc->http_headers, &key);
+- if (r != NULL)
+- return (server_partial_file_request(env, clt, path, &st,
+- r->kv_value));
+- else
+- return (server_file_request(env, clt, path, &st));
++ return (server_file_request(env, clt, path, &st));
+
+ fail:
+ switch (errno) {
More information about the svn-ports-head
mailing list