From 616579b5d773c50af31ee56f00105d96ce641ca2 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 14 Aug 2021 10:30:13 +0100
Subject: gentoo resync : 14.08.2021

---
 .../polipo/files/polipo-1.1.1-cve-2020-36420.patch | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch

(limited to 'net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch')

diff --git a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
new file mode 100644
index 000000000000..20fca8cf30a5
--- /dev/null
+++ b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
@@ -0,0 +1,26 @@
+Reject packet with malformed range field instead of raising assert.
+This fixes CVE-2020-36420 and makes polipo conformant to RFC7233.
+--- a/server.c	2014-05-15 02:19:43.000000000 +0400
++++ b/server.c	2021-08-11 13:42:55.156568391 +0300
+@@ -1468,7 +1468,6 @@
+     int port;
+     int x, y, z;
+ 
+-    assert(from >= 0 && (to < 0 || to > from));
+     assert(closure == NULL);
+     assert(!(object->flags & OBJECT_LOCAL));
+     assert(object->type == OBJECT_HTTP);
+@@ -1499,6 +1498,13 @@
+         notifyObject(object);
+         return 1;
+     }
++
++    if(!(from >= 0 && (to < 0 || to > from))) {
++        do_log(L_ERROR, "Invalid Range field in the header: from=%d, to=%d.\n", from, to);
++        abortObject(object, 400, internAtom("Invalid range header field"));
++        notifyObject(object);
++        return 1;
++    }
+ 
+     memcpy(name, ((char*)object->key) + x, y - x);
+     name[y - x] = '\0';
-- 
cgit v1.2.3