author: Richard Gallamore <ultima@FreeBSD.org>, 2019-09-02 16:27:12 +0000
committer: Richard Gallamore <ultima@FreeBSD.org>, 2019-09-02 16:27:12 +0000
commit: 71466b0aa4f5ab233a1af7ae36eab7174033710b
tree: 6721d111f05adc607fe4e7feefe162a7a82895e3
parent: d82170d1f0ad7e97a90925089ddf72ce4b2b4a80
MFH: r510747

Fix stack overflow that can occur in libevhtp

libevhtp allocates a stack based on data length when C99 is detected at compile time. There are no checks to verify that the stack is big enough, which can cause a stack overflow. Adding EVHTP_HAS_C99=false at compile time changes this behavior by allocating to a buffer which has proper checks in place.

More information about this bug can be found at:
https://github.com/criticalstack/libevhtp/issues/118
https://github.com/haiwen/seafile/issues/1928

Approved by: ports-secteam (joneum)

Notes: svn path=/branches/2019Q3/; revision=510822
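
The difference the commit message describes, as an added example (not libevhtp's code and not part of this commit): a C99 variable-length array sized by input length next to a heap buffer with a length cap and an allocation check. The function names and `MAX_FIELD_LEN` are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for one field; not a libevhtp constant. */
#define MAX_FIELD_LEN 65536

/* Lower-case `len` bytes of `src` into `dst` and NUL-terminate. */
static void lower_copy(char *dst, const char *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[len] = '\0';
}

/* Unchecked pattern: a C99 VLA sized by the input length. There is no
 * error path if len exceeds the remaining stack. */
int match_vla(const char *data, size_t len, const char *want)
{
    char tmp[len + 1];
    lower_copy(tmp, data, len);
    return strcmp(tmp, want) == 0;
}

/* Checked pattern: cap the length, allocate on the heap, test the result.
 * Returns 1 on match, 0 on mismatch, -1 if the field is rejected. */
int match_heap(const char *data, size_t len, const char *want)
{
    if (len > MAX_FIELD_LEN)
        return -1;
    char *tmp = malloc(len + 1);
    if (tmp == NULL)
        return -1;
    lower_copy(tmp, data, len);
    int equal = strcmp(tmp, want) == 0;
    free(tmp);
    return equal;
}

int main(void)
{
    const char hdr[] = "Keep-Alive";   /* constructed sample input */
    printf("vla=%d heap=%d oversize=%d\n",
           match_vla(hdr, strlen(hdr), "keep-alive"),
           match_heap(hdr, strlen(hdr), "keep-alive"),
           match_heap(hdr, (size_t)MAX_FIELD_LEN + 1, "keep-alive"));
    return 0;
}
```

The oversize call returns -1 before touching the data, which is the rejection path the VLA version cannot offer.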
-rw-r--r-- www/libevhtp/Makefile | 5
1 files changed, 3 insertions, 2 deletions
diff --git a/www/libevhtp/Makefile b/www/libevhtp/Makefile
index e9ac11f4f843..261061850e72 100644
--- a/www/libevhtp/Makefile
+++ b/www/libevhtp/Makefile
@@ -2,7 +2,7 @@
PORTNAME= libevhtp
PORTVERSION= 1.2.16
-PORTREVISION= 2
+PORTREVISION= 4
CATEGORIES= www
MAINTAINER= ultima@FreeBSD.org
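Review bot: PORTREVISION goes from 2 straight to 4, skipping 3, while the commit message names only r510747 as the merged revision. State in the message why the value jumps by two (for example, to match the value on head), or bump to 3 if a single increment is all this branch needs to force the rebuild that carries the fix.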
@@ -19,7 +19,8 @@ USE_GITHUB= yes
GH_ACCOUNT= criticalstack
CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \
- -DCMAKE_LIBRARY_PATH:PATH=lib/event2
+ -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
+ -DEVHTP_HAS_C99:BOOL=FALSE
PLIST_SUB= PORTVERSION=${PORTVERSION}
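Review bot: the added `-DEVHTP_HAS_C99:BOOL=FALSE` in CMAKE_ARGS has no comment in the Makefile, so the reason for it lives only in the commit log and a later port update could drop it as a stray override. Add a one-line comment above CMAKE_ARGS saying that the flag disables the unchecked, length-sized stack allocation and pointing at https://github.com/criticalstack/libevhtp/issues/118, so that it is removed only once upstream has fixed that code path.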