SECURITY FIX for http://secunia.com/advisories/29544/

lighttpd OpenSSL Error Queue Denial of Service Vulnerability patches from upstream svn, via brad@
2008-04-03 10:18:15 +00:00 · 2008-04-03 10:18:15 +00:00 · 2d090ef045
commit 2d090ef045
parent 275e22e63b
3 changed files with 91 additions and 1 deletions
--- a/www/lighttpd/Makefile
+++ b/www/lighttpd/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.49 2008/03/16 18:43:31 brad Exp $
+# $OpenBSD: Makefile,v 1.50 2008/04/03 10:18:15 jasper Exp $

 SHARED_ONLY=	Yes

 COMMENT=	secure, fast, compliant, and very flexible web-server

 DISTNAME=	lighttpd-1.4.19
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	www net
 MASTER_SITES=	${HOMEPAGE}/download/

--- a/www/lighttpd/patches/patch-src_connections_c
+++ b/www/lighttpd/patches/patch-src_connections_c
@ -0,0 +1,70 @@
+$OpenBSD: patch-src_connections_c,v 1.5 2008/04/03 10:18:15 jasper Exp $
+--- src/connections.c.orig	Wed Feb 27 18:41:35 2008
+++ src/connections.c	Thu Apr  3 02:33:53 2008
+@@ -199,6 +199,7 @@ static int connection_handle_read_ssl(server *srv, con
+ 
+ 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+ 
+	ERR_clear_error();
+ 	do {
+ 		if (!con->ssl_error_want_reuse_buffer) {
+ 			b = buffer_init();
+@@ -1668,21 +1669,51 @@ int connection_state_machine(server *srv, connection *
+ 			}
+ #ifdef USE_OPENSSL
+ 			if (srv_sock->is_ssl) {
+-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
+				ERR_clear_error();
+ 				switch ((ret = SSL_shutdown(con->ssl))) {
+ 				case 1:
+ 					/* ok */
+ 					break;
+ 				case 0:
+-					SSL_shutdown(con->ssl);
+-					break;
+					ERR_clear_error();
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
+
+					// fall through
+ 				default:
+-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
+-							SSL_get_error(con->ssl, ret),
+-							ERR_error_string(ERR_get_error(), NULL));
+-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+									ssl_r, r, errno,
+									strerror(errno));
+						}
+	
+						break;
+					default:
+						while((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+	
+						break;
+					}
+ 				}
+ 			}
+			ERR_clear_error();
+ #endif
+ 
+ 			switch(con->mode) {
--- a/www/lighttpd/patches/patch-src_network_openssl_c
+++ b/www/lighttpd/patches/patch-src_network_openssl_c
@ -0,0 +1,19 @@
+$OpenBSD: patch-src_network_openssl_c,v 1.1 2008/04/03 10:18:15 jasper Exp $
+--- src/network_openssl.c.orig	Wed Apr  2 19:20:16 2008
+++ src/network_openssl.c	Wed Apr  2 19:21:18 2008
+@@ -85,6 +85,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
+ 			 *
+ 			 */
+ 
+			ERR_clear_error();
+ 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+ 				unsigned long err;
+ 
+@@ -187,6 +188,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
+ 
+ 				close(ifd);
+ 
+				ERR_clear_error();
+ 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+ 					unsigned long err;
+