main/tinyproxy: fix CVE-2012-3505

fixes #1515

main/tinyproxy: fix CVE-2012-3505
d7c55cd6 · Natanael Copa · 02ce8a55 · d7c55cd6 · d7c55cd6
Commit d7c55cd6 authored 12 years ago by Natanael Copa
--- a/main/tinyproxy/APKBUILD
+++ b/main/tinyproxy/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=tinyproxy
 pkgver=1.8.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Lightweight HTTP proxy"
 pkgusers="tinyproxy"
 pkggroups="tinyproxy"
@@ -14,12 +14,18 @@ makedepends="asciidoc"
 install="tinyproxy.pre-install"
 subpackages="$pkgname-doc"
 source="https://www.banu.com/pub/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2
+	limit_headers.patch
 	tinyproxy.initd
 	"

 _builddir="$srcdir/$pkgname-$pkgver"
 prepare() {
 	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done

 	# set default user to tinyproxy:tinyproxy and correct pidfile
 	sed -i -e 's:^User.*:User tinyproxy:' \
@@ -47,4 +53,5 @@ package() {
 }

 md5sums="292ac51da8ad6ae883d4ebf56908400d  tinyproxy-1.8.3.tar.bz2
+cf72d2503f6415079c4702853d467ea8  limit_headers.patch
 ce2b2e3c79fa0e8491fe625bbb15710a  tinyproxy.initd"
--- a/main/tinyproxy/limit_headers.patch
+++ b/main/tinyproxy/limit_headers.patch
+diff --git a/src/reqs.c b/src/reqs.c
+index 2e13f48..ce46bf3 100644
+--- a/src/reqs.c
+++ b/src/reqs.c
+@@ -641,6 +641,11 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
+         return hashmap_insert (hashofheaders, header, sep, len);
+ }
+ 
+/* define max number of headers. big enough to handle legitimate cases,
+ * but limited to avoid DoS 
+ */
+#define MAX_HEADERS 10000
+
+ /*
+  * Read all the headers from the stream
+  */
+@@ -648,6 +653,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ {
+         char *line = NULL;
+         char *header = NULL;
+	int count;
+         char *tmp;
+         ssize_t linelen;
+         ssize_t len = 0;
+@@ -656,7 +662,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+         assert (fd >= 0);
+         assert (hashofheaders != NULL);
+ 
+-        for (;;) {
+        for (count = 0; count < MAX_HEADERS; count++) {
+                 if ((linelen = readline (fd, &line)) <= 0) {
+                         safefree (header);
+                         safefree (line);
+@@ -722,6 +728,12 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ 
+                 safefree (line);
+         }
+
+	/* if we get there, this is we reached MAX_HEADERS count.
+	   bail out with error */
+	safefree (header);
+	safefree (line);
+	return -1;
+ }
+ 
+ /*