authorClement Laforet <clement@FreeBSD.org>2004-06-29 08:06:20 +0000
committerClement Laforet <clement@FreeBSD.org>2004-06-29 08:06:20 +0000
commit3f4b32767a3c92af5f4a363cd981b916735b7361 (patch)
tree26066b1d381f87425ab9972acce70d67de94f253 /www
parentUse shared library www/neon rather than included libneon (security fix). (diff)
- Security fix.
CAN-2004-0493 - memory exhaustion denial of service http://www.freebsd.org/ports/portaudit/81a8c9c2-c94f-11d8-8898-000d6111a684.html Noticed by: eik Obtained from: apache CVS
Notes
Notes: svn path=/head/; revision=112522
Diffstat (limited to 'www')
-rw-r--r--www/apache2/Makefile2
-rw-r--r--www/apache2/files/patch-server:protocol.c32
-rw-r--r--www/apache20/Makefile2
-rw-r--r--www/apache20/files/patch-server:protocol.c32
4 files changed, 66 insertions, 2 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 54c9a1b8f766..f9a76626224a 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -9,7 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.0.49
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo
diff --git a/www/apache2/files/patch-server:protocol.c b/www/apache2/files/patch-server:protocol.c
new file mode 100644
index 000000000000..96cd559e63d8
--- /dev/null
+++ b/www/apache2/files/patch-server:protocol.c
@@ -0,0 +1,32 @@
+===================================================================
+RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v
+retrieving revision 1.121.2.18
+retrieving revision 1.121.2.19
+diff -u -r1.121.2.18 -r1.121.2.19
+--- server/protocol.c 2004/06/11 20:46:41 1.121.2.18
++++ server/protocol.c 2004/06/28 23:57:14 1.121.2.19
+@@ -719,6 +719,23 @@
+ * continuations that span many many lines.
+ */
+ apr_size_t fold_len = last_len + len + 1; /* trailing null */
++
++ if ((fold_len - 1) > r->server->limit_req_fieldsize) {
++ r->status = HTTP_BAD_REQUEST;
++ /* report what we have accumulated so far before the
++ * overflow (last_field) as the field with the problem
++ */
++ apr_table_setn(r->notes, "error-notes",
++ apr_pstrcat(r->pool,
++ "Size of a request header field "
++ "after folding "
++ "exceeds server limit.<br />\n"
++ "<pre>\n",
++ ap_escape_html(r->pool, last_field),
++ "</pre>\n", NULL));
++ return;
++ }
++
+ if (fold_len > alloc_len) {
+ char *fold_buf;
+ alloc_len += alloc_len;
+
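Review bot: The added bound in the embedded `@@ -719,6 +719,23 @@` hunk of server/protocol.c compares `fold_len - 1`, an `apr_size_t`, against `r->server->limit_req_fieldsize`, whose declaration is not visible here. If that field is a signed int, the comparison is done unsigned and a negative configured value would silently disable the check, so confirm the limit is validated as non-negative where it is set. The check also has no comment saying why it exists; above the `if` I would add `/* cap the folded field at limit_req_fieldsize so continuation lines cannot grow the buffer without bound (CAN-2004-0493) */`. The enclosing function starts and ends outside the hunk, so whether the caller acts on `r->status` after the bare `return;` cannot be judged from here. The identical patch file added under www/apache20/files carries the same points.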
diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 54c9a1b8f766..f9a76626224a 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,7 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.0.49
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo
diff --git a/www/apache20/files/patch-server:protocol.c b/www/apache20/files/patch-server:protocol.c
new file mode 100644
index 000000000000..96cd559e63d8
--- /dev/null
+++ b/www/apache20/files/patch-server:protocol.c
@@ -0,0 +1,32 @@
+===================================================================
+RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v
+retrieving revision 1.121.2.18
+retrieving revision 1.121.2.19
+diff -u -r1.121.2.18 -r1.121.2.19
+--- server/protocol.c 2004/06/11 20:46:41 1.121.2.18
++++ server/protocol.c 2004/06/28 23:57:14 1.121.2.19
+@@ -719,6 +719,23 @@
+ * continuations that span many many lines.
+ */
+ apr_size_t fold_len = last_len + len + 1; /* trailing null */
++
++ if ((fold_len - 1) > r->server->limit_req_fieldsize) {
++ r->status = HTTP_BAD_REQUEST;
++ /* report what we have accumulated so far before the
++ * overflow (last_field) as the field with the problem
++ */
++ apr_table_setn(r->notes, "error-notes",
++ apr_pstrcat(r->pool,
++ "Size of a request header field "
++ "after folding "
++ "exceeds server limit.<br />\n"
++ "<pre>\n",
++ ap_escape_html(r->pool, last_field),
++ "</pre>\n", NULL));
++ return;
++ }
++
+ if (fold_len > alloc_len) {
+ char *fold_buf;
+ alloc_len += alloc_len;
+