summaryrefslogtreecommitdiff
path: root/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch')
-rw-r--r--net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch26
1 files changed, 0 insertions, 26 deletions
diff --git a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
deleted file mode 100644
index 20fca8cf30a5..000000000000
--- a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Reject packet with malformed range field instead of raising assert.
-This fixes CVE-2020-36420 and makes polipo conformant to RFC7233.
---- a/server.c 2014-05-15 02:19:43.000000000 +0400
-+++ b/server.c 2021-08-11 13:42:55.156568391 +0300
-@@ -1468,7 +1468,6 @@
- int port;
- int x, y, z;
-
-- assert(from >= 0 && (to < 0 || to > from));
- assert(closure == NULL);
- assert(!(object->flags & OBJECT_LOCAL));
- assert(object->type == OBJECT_HTTP);
-@@ -1499,6 +1498,13 @@
- notifyObject(object);
- return 1;
- }
-+
-+ if(!(from >= 0 && (to < 0 || to > from))) {
-+ do_log(L_ERROR, "Invalid Range field in the header: from=%d, to=%d.\n", from, to);
-+ abortObject(object, 400, internAtom("Invalid range header field"));
-+ notifyObject(object);
-+ return 1;
-+ }
-
- memcpy(name, ((char*)object->key) + x, y - x);
- name[y - x] = '\0';
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 22:53:09 +0000