diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2021-08-14 10:30:13 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-08-14 10:30:13 +0100 |
commit | 616579b5d773c50af31ee56f00105d96ce641ca2 (patch) | |
tree | 2ad4d3ba1429bd93a36ab99a2f5ec3490412115e /net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch | |
parent | 068424b26532f3551a81421a9be67ed206e5c11a (diff) |
gentoo resync : 14.08.2021
Diffstat (limited to 'net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch')
-rw-r--r-- | net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch new file mode 100644 index 000000000000..20fca8cf30a5 --- /dev/null +++ b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch @@ -0,0 +1,26 @@ +Reject packet with malformed range field instead of raising assert. +This fixes CVE-2020-36420 and makes polipo conformant to RFC7233. +--- a/server.c 2014-05-15 02:19:43.000000000 +0400 ++++ b/server.c 2021-08-11 13:42:55.156568391 +0300 +@@ -1468,7 +1468,6 @@ + int port; + int x, y, z; + +- assert(from >= 0 && (to < 0 || to > from)); + assert(closure == NULL); + assert(!(object->flags & OBJECT_LOCAL)); + assert(object->type == OBJECT_HTTP); +@@ -1499,6 +1498,13 @@ + notifyObject(object); + return 1; + } ++ ++ if(!(from >= 0 && (to < 0 || to > from))) { ++ do_log(L_ERROR, "Invalid Range field in the header: from=%d, to=%d.\n", from, to); ++ abortObject(object, 400, internAtom("Invalid range header field")); ++ notifyObject(object); ++ return 1; ++ } + + memcpy(name, ((char*)object->key) + x, y - x); + name[y - x] = '\0'; |