author | Marcus Alves Grando <mnag@FreeBSD.org> | 2008-04-13 03:50:28 +0000 |
---|---|---|
committer | Marcus Alves Grando <mnag@FreeBSD.org> | 2008-04-13 03:50:28 +0000 |
commit | 6ebb75461bf72af581ca389629f07d134ce628db (patch) | |
tree | e6a08e9d4c13012c5a333c9785b0c09f2714d7a9 /www/lighttpd | |
parent | b570c4e96bc9f222efce9ced199658e9d19e099a (diff) | |
Diffstat (limited to 'www/lighttpd')
-rw-r--r-- | www/lighttpd/Makefile | 1 | ||||
-rw-r--r-- | www/lighttpd/files/patch-CVE-2008-1531 | 119 |
2 files changed, 120 insertions, 0 deletions
diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile
index 03b59c675ab4..fd730817e472 100644
--- a/www/lighttpd/Makefile
+++ b/www/lighttpd/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME= lighttpd
 PORTVERSION= 1.4.19
+PORTREVISION= 1
 CATEGORIES= www
 MASTER_SITES= http://www.lighttpd.net/download/ \
 http://mirrors.cat.pdx.edu/lighttpd/
diff --git a/www/lighttpd/files/patch-CVE-2008-1531 b/www/lighttpd/files/patch-CVE-2008-1531
new file mode 100644
index 000000000000..f23c92cf4d3c
--- /dev/null
+++ b/www/lighttpd/files/patch-CVE-2008-1531
@@ -0,0 +1,119 @@
+Index: src/connections.c
+===================================================================
+--- src/connections.c (revision 2103)
++++ src/connections.c (revision 2136)
+@@ -200,4 +200,5 @@
+ /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+ 
++ ERR_clear_error();
+ do {
+ if (!con->ssl_error_want_reuse_buffer) {
+@@ -1670,4 +1671,5 @@
+ if (srv_sock->is_ssl) {
+ int ret;
++ ERR_clear_error();
+ switch ((ret = SSL_shutdown(con->ssl))) {
+ case 1:
+@@ -1675,6 +1677,8 @@
+ break;
+ case 0:
+- SSL_shutdown(con->ssl);
+- break;
++ ERR_clear_error();
++ if ((ret = SSL_shutdown(con->ssl)) == 1) break;
++
++ // fall through
+ default:
+ log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
+Index: src/network_openssl.c
+===================================================================
+--- src/network_openssl.c (revision 2084)
++++ src/network_openssl.c (revision 2136)
+@@ -86,4 +86,5 @@
+ */
+ 
++ ERR_clear_error();
+ if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+ unsigned long err;
+@@ -188,4 +189,5 @@
+ close(ifd);
+ 
++ ERR_clear_error();
+ if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+ unsigned long err;
+Index: src/connections.c
+===================================================================
+--- src/connections.c (revision 2136)
++++ src/connections.c (revision 2139)
+@@ -1670,5 +1670,6 @@
+ #ifdef USE_OPENSSL
+ if (srv_sock->is_ssl) {
+- int ret;
++ int ret, ssl_r;
++ unsigned long err;
+ ERR_clear_error();
+ switch ((ret = SSL_shutdown(con->ssl))) {
+@@ -1678,14 +1679,40 @@
+ case 0:
+ ERR_clear_error();
+- if ((ret = SSL_shutdown(con->ssl)) == 1) break;
++ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
+ 
+ // fall through
+ default:
+- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
+- SSL_get_error(con->ssl, ret),
+- ERR_error_string(ERR_get_error(), NULL));
+- return -1;
++
++ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
++ case SSL_ERROR_WANT_WRITE:
++ case SSL_ERROR_WANT_READ:
++ break;
++ case SSL_ERROR_SYSCALL:
++ /* perhaps we have error waiting in our error-queue */
++ if (0 != (err = ERR_get_error())) {
++ do {
++ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
++ ssl_r, ret,
++ ERR_error_string(err, NULL));
++ } while((err = ERR_get_error()));
++ } else {
++ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
++ ssl_r, r, errno,
++ strerror(errno));
++ }
++
++ break;
++ default:
++ while((err = ERR_get_error())) {
++ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
++ ssl_r, ret,
++ ERR_error_string(err, NULL));
++ }
++
++ break;
++ }
+ }
+ }
++ ERR_clear_error();
+ #endif
+ 
+Index: src/connections.c
+===================================================================
+--- src/connections.c (revision 2139)
++++ src/connections.c (revision 2144)
+@@ -1681,5 +1681,5 @@
+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
+ 
+- // fall through
++ /* fall through */
+ default:
+ 
+@@ -1698,5 +1698,5 @@
+ } else {
+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+- ssl_r, r, errno,
++ ssl_r, ret, errno,
+ strerror(errno));
+ }
|
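Review bot: In the first src/connections.c section (`@@ -200,4 +200,5 @@`) the added `ERR_clear_error();` sits before `do {`, so only the first pass of the loop is guaranteed to start with an empty OpenSSL error queue. The loop body is outside the hunk; if it calls SSL_read() on every iteration, the clear belongs immediately before that call, so that SSL_get_error() never interprets a stale entry, which is the condition this CVE-2008-1531 patch targets. In the rewritten SSL_shutdown() handling, the `SSL_ERROR_SYSCALL` branch logs `strerror(errno)` only after SSL_get_error() and ERR_get_error() have run, so errno may no longer be the value left by the failed call; capturing it right after SSL_shutdown() (`int saved_errno = errno;`) and logging that would keep the message accurate. The file also stacks four upstream revisions, and the r2139 section references `r`, which the r2144 section corrects to `ret`; a single consolidated diff against 1.4.19 would be easier to audit.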