From d101f4d2bfccd6006ee5fdf7f1cf17691095305c Mon Sep 17 00:00:00 2001 From: pea Date: Sat, 12 Feb 2011 21:06:57 +0000 Subject: [PATCH] Fix CVE-2010-1623 ok sthen@, landry@ --- devel/apr-util/Makefile | 4 +-- .../patches/patch-buckets_apr_brigade_c | 26 +++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 devel/apr-util/patches/patch-buckets_apr_brigade_c diff --git a/devel/apr-util/Makefile b/devel/apr-util/Makefile index 29fb66f1b8d..ff5e5ff98ff 100644 --- a/devel/apr-util/Makefile +++ b/devel/apr-util/Makefile @@ -1,11 +1,11 @@ -# $OpenBSD: Makefile,v 1.28 2010/11/26 14:50:10 espie Exp $ +# $OpenBSD: Makefile,v 1.29 2011/02/12 21:06:57 pea Exp $ COMMENT= companion library to APR V= 1.2.10 DISTNAME= apr-util-$V FULLPKGNAME= apr-util${MT}-$V${FLAVOR_EXT:S/-mt//} -REVISION = 4 +REVISION = 5 SHARED_LIBS += aprutil-1${MT} 2.11 # .2.11 CATEGORIES= devel diff --git a/devel/apr-util/patches/patch-buckets_apr_brigade_c b/devel/apr-util/patches/patch-buckets_apr_brigade_c new file mode 100644 index 00000000000..f318728f3e7 --- /dev/null +++ b/devel/apr-util/patches/patch-buckets_apr_brigade_c @@ -0,0 +1,26 @@ +$OpenBSD: patch-buckets_apr_brigade_c,v 1.1 2011/02/12 21:06:57 pea Exp $ + +Fix CVE-2010-1623 + +--- buckets/apr_brigade.c.orig Fri Feb 4 21:45:35 2005 ++++ buckets/apr_brigade.c Tue Feb 8 14:04:05 2011 +@@ -304,7 +304,18 @@ APU_DECLARE(apr_status_t) apr_brigade_split_line(apr_b + return APR_SUCCESS; + } + APR_BUCKET_REMOVE(e); +- APR_BRIGADE_INSERT_TAIL(bbOut, e); ++ if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) { ++ APR_BRIGADE_INSERT_TAIL(bbOut, e); ++ } ++ else { ++ if (len > 0) { ++ rv = apr_brigade_write(bbOut, NULL, NULL, str, len); ++ if (rv != APR_SUCCESS) { ++ return rv; ++ } ++ } ++ apr_bucket_destroy(e); ++ } + readbytes += len; + /* We didn't find an APR_ASCII_LF within the maximum line length. */ + if (readbytes >= maxbytes) {