diff options
author | Richard Gallamore <ultima@FreeBSD.org> | 2019-09-02 16:27:12 +0000 |
---|---|---|
committer | Richard Gallamore <ultima@FreeBSD.org> | 2019-09-02 16:27:12 +0000 |
commit | 71466b0aa4f5ab233a1af7ae36eab7174033710b (patch) | |
tree | 6721d111f05adc607fe4e7feefe162a7a82895e3 | |
parent | d82170d1f0ad7e97a90925089ddf72ce4b2b4a80 (diff) | |
download | ports-71466b0aa4f5ab233a1af7ae36eab7174033710b.tar.gz ports-71466b0aa4f5ab233a1af7ae36eab7174033710b.zip |
MFH: r510747
Fix stack overflow that can occur in libevhtp
libevhtp allocates a stack based on data length
when C99 is detected at compile time. There are
no checks to verify that the stack is big enough
which can cause a stack overflow.
Adding EVHTP_HAS_C99=false at compile time changes
this behavior by allocate to a buffer which has
proper checks in place.
More information about this bug can be found at:
https://github.com/criticalstack/libevhtp/issues/118
https://github.com/haiwen/seafile/issues/1928
Approved by: ports-secteam (joneum)
Notes
Notes:
svn path=/branches/2019Q3/; revision=510822
-rw-r--r-- | www/libevhtp/Makefile | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/www/libevhtp/Makefile b/www/libevhtp/Makefile index e9ac11f4f843..261061850e72 100644 --- a/www/libevhtp/Makefile +++ b/www/libevhtp/Makefile @@ -2,7 +2,7 @@ PORTNAME= libevhtp PORTVERSION= 1.2.16 -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= www MAINTAINER= ultima@FreeBSD.org @@ -19,7 +19,8 @@ USE_GITHUB= yes GH_ACCOUNT= criticalstack CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \ - -DCMAKE_LIBRARY_PATH:PATH=lib/event2 + -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \ + -DEVHTP_HAS_C99:BOOL=FALSE PLIST_SUB= PORTVERSION=${PORTVERSION} |