diff options
author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2016-01-17 12:55:14 +0000 |
---|---|---|
committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2016-01-17 12:55:14 +0000 |
commit | a518cec065667a913249671dbdb6220db8f86b97 (patch) | |
tree | 4cd86a6e38d0499f9ef02abb2c69b251aac5e2c7 /net/libproxy | |
parent | 96ad62e894b32bb3781b6fe27d74d0c2b7e9c94c (diff) | |
download | ports-a518cec065667a913249671dbdb6220db8f86b97.tar.gz ports-a518cec065667a913249671dbdb6220db8f86b97.zip |
Notes
Diffstat (limited to 'net/libproxy')
-rw-r--r-- | net/libproxy/Makefile | 2 | ||||
-rw-r--r-- | net/libproxy/files/patch-CVE-2012-4504 | 22 |
2 files changed, 23 insertions, 1 deletions
diff --git a/net/libproxy/Makefile b/net/libproxy/Makefile index 55749b9c4d59..e8b88936121f 100644 --- a/net/libproxy/Makefile +++ b/net/libproxy/Makefile @@ -4,7 +4,7 @@ PORTNAME= libproxy PORTVERSION= 0.4.6 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= net devel MASTER_SITES= GOOGLE_CODE diff --git a/net/libproxy/files/patch-CVE-2012-4504 b/net/libproxy/files/patch-CVE-2012-4504 new file mode 100644 index 000000000000..4b42f4cda39e --- /dev/null +++ b/net/libproxy/files/patch-CVE-2012-4504 @@ -0,0 +1,22 @@ +commit c440553c12836664afd24a24fb3a4d10a2facd2c +Author: nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56> +Date: Wed Oct 10 16:14:27 2012 +0000 + + Fix buffer overflow downloading large pac file + + This fixes CVE CVE-2012-4504 + +--- libproxy/url.cpp ++++ libproxy/url.cpp +@@ -474,9 +474,10 @@ char* url::get_pac() { + // Add this chunk to our content length, + // ensuring that we aren't over our max size + content_length += chunk_length; +- if (content_length >= PAC_MAX_SIZE) break; + } + ++ if (content_length >= PAC_MAX_SIZE) break; ++ + while (recvd != content_length) { + int r = recv(sock, buffer + recvd, content_length - recvd, 0); + if (r < 0) break; |