summaryrefslogtreecommitdiff
path: root/network/thttpd/patches
diff options
context:
space:
mode:
authorAntonio Hernández Blas <hba.nihilismus@gmail.com>2010-05-13 01:00:23 +0200
committerDavid Somero <xgizzmo@slackbuilds.org>2010-05-13 01:00:23 +0200
commit31aa3ec3e0153775e449bcdfeaba83b156746c93 (patch)
treebe8ee615ec4a3195c01c409df29f6eb1edfab7d0 /network/thttpd/patches
parent70696b7acf8911f58e6bce1d69c694c3bb233336 (diff)
downloadslackbuilds-31aa3ec3e0153775e449bcdfeaba83b156746c93.tar.gz
network/thttpd: Added to 13.0 repository
Diffstat (limited to 'network/thttpd/patches')
-rw-r--r--network/thttpd/patches/additional-input-validation-httpd.c.diff62
-rw-r--r--network/thttpd/patches/fix-buffer-overflow.diff21
-rw-r--r--network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff19
3 files changed, 102 insertions, 0 deletions
diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/additional-input-validation-httpd.c.diff
new file mode 100644
index 0000000000..04f59eac8e
--- /dev/null
+++ b/network/thttpd/patches/additional-input-validation-httpd.c.diff
@@ -0,0 +1,62 @@
+--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+ FILE *tfp,*f;
+ char user[MAX_STRING_LEN];
++ char pwfilename[MAX_STRING_LEN];
+ char line[MAX_STRING_LEN];
+ char l[MAX_STRING_LEN];
+ char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+ perror("fopen");
+ exit(1);
+ }
++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[3]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[3], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ printf("Adding password for %s.\n",argv[3]);
+ add_password(argv[3],tfp);
+ fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+ exit(1);
+ }
+
++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[2]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[2], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ if(!(f = fopen(argv[1],"r"))) {
+ fprintf(stderr,
+ "Could not open passwd file %s for reading.\n",argv[1]);
diff --git a/network/thttpd/patches/fix-buffer-overflow.diff b/network/thttpd/patches/fix-buffer-overflow.diff
new file mode 100644
index 0000000000..cacd732148
--- /dev/null
+++ b/network/thttpd/patches/fix-buffer-overflow.diff
@@ -0,0 +1,21 @@
+diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c
+--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000
++++ thttpd-2.25b/libhttpd.c 2007-01-08 21:43:28.000000000 +0000
+@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest
+ httpd_realloc_str( &checked, &maxchecked, checkedlen );
+ (void) strcpy( checked, path );
+ /* Trim trailing slashes. */
+- while ( checked[checkedlen - 1] == '/' )
++ while ( checkedlen && checked[checkedlen - 1] == '/' )
+ {
+ checked[checkedlen - 1] = '\0';
+ --checkedlen;
+@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest
+ restlen = strlen( path );
+ httpd_realloc_str( &rest, &maxrest, restlen );
+ (void) strcpy( rest, path );
+- if ( rest[restlen - 1] == '/' )
++ if ( restlen && rest[restlen - 1] == '/' )
+ rest[--restlen] = '\0'; /* trim trailing slash */
+ if ( ! tildemapped )
+ /* Remove any leading slashes. */
diff --git a/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff b/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff
new file mode 100644
index 0000000000..c41ec46b97
--- /dev/null
+++ b/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff
@@ -0,0 +1,19 @@
+diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
+--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200
++++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200
+@@ -31,8 +31,8 @@
+ exit 1
+ fi
+
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+
+ # Gather up all the thttpd entries.
+ egrep ' thttpd\[' $* > $tmp1
+@@ -65,4 +65,3 @@
+ sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+
+ # Done.
+-rm -f $tmp1