aboutsummaryrefslogtreecommitdiff
path: root/net/libproxy
diff options
context:
space:
mode:
authorRaphael Kubo da Costa <rakuco@FreeBSD.org>2016-01-17 12:55:14 +0000
committerRaphael Kubo da Costa <rakuco@FreeBSD.org>2016-01-17 12:55:14 +0000
commita518cec065667a913249671dbdb6220db8f86b97 (patch)
tree4cd86a6e38d0499f9ef02abb2c69b251aac5e2c7 /net/libproxy
parent96ad62e894b32bb3781b6fe27d74d0c2b7e9c94c (diff)
downloadports-a518cec065667a913249671dbdb6220db8f86b97.tar.gz
ports-a518cec065667a913249671dbdb6220db8f86b97.zip
Add upstream patch to fix CVE-2012-4504.
Approved by: gnome (kwm) Security: 3b5c2362-bd07-11e5-b7ef-5453ed2e2b49 Security: CVE-2012-4504
Notes
Notes: svn path=/head/; revision=406314
Diffstat (limited to 'net/libproxy')
-rw-r--r--net/libproxy/Makefile2
-rw-r--r--net/libproxy/files/patch-CVE-2012-450422
2 files changed, 23 insertions, 1 deletions
diff --git a/net/libproxy/Makefile b/net/libproxy/Makefile
index 55749b9c4d59..e8b88936121f 100644
--- a/net/libproxy/Makefile
+++ b/net/libproxy/Makefile
@@ -4,7 +4,7 @@
PORTNAME= libproxy
PORTVERSION= 0.4.6
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES?= net devel
MASTER_SITES= GOOGLE_CODE
diff --git a/net/libproxy/files/patch-CVE-2012-4504 b/net/libproxy/files/patch-CVE-2012-4504
new file mode 100644
index 000000000000..4b42f4cda39e
--- /dev/null
+++ b/net/libproxy/files/patch-CVE-2012-4504
@@ -0,0 +1,22 @@
+commit c440553c12836664afd24a24fb3a4d10a2facd2c
+Author: nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56>
+Date: Wed Oct 10 16:14:27 2012 +0000
+
+ Fix buffer overflow downloading large pac file
+
+ This fixes CVE CVE-2012-4504
+
+--- libproxy/url.cpp
++++ libproxy/url.cpp
+@@ -474,9 +474,10 @@ char* url::get_pac() {
+ // Add this chunk to our content length,
+ // ensuring that we aren't over our max size
+ content_length += chunk_length;
+- if (content_length >= PAC_MAX_SIZE) break;
+ }
+
++ if (content_length >= PAC_MAX_SIZE) break;
++
+ while (recvd != content_length) {
+ int r = recv(sock, buffer + recvd, content_length - recvd, 0);
+ if (r < 0) break;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 18:13:13 +0000