From: Joseph Mingrone Date: Thu, 16 Feb 2017 21:43:12 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r434257 - in head/www/obhttpd: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2017 21:43:13 -0000 Author: jrm Date: Thu Feb 16 21:43:11 2017 New Revision: 434257 URL: https://svnweb.freebsd.org/changeset/ports/434257 Log: www/obhttpd: Apply OpenBSD errata from January 31st, 2017. Errata text: https://marc.info/?l=openbsd-announce&m=148604065924319&w=2 PR: 216752 Submitted by: t@tobik.me Approved by: swills (mentor, implicit) koue@chaosophia.net (maintainer) Added: head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c (contents, props changed) Modified: head/www/obhttpd/Makefile Modified: head/www/obhttpd/Makefile ============================================================================== --- head/www/obhttpd/Makefile Thu Feb 16 21:40:34 2017 (r434256) +++ head/www/obhttpd/Makefile Thu Feb 16 21:43:11 2017 (r434257) @@ -2,6 +2,7 @@ PORTNAME= obhttpd PORTVERSION= 6.0.20161006 +PORTREVISION= 1 CATEGORIES= www MAINTAINER= koue@chaosophia.net Added: head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/obhttpd/files/patch-usr.sbin_httpd_server__file.c Thu Feb 16 21:43:11 2017 (r434257) 
@@ -0,0 +1,30 @@ +OpenBSD 6.0 errata 17, Jan 31, 2017 + +A bug in the processing of range headers in httpd can lead to memory +exhaustion. This patch disables range header processing. + +--- usr.sbin/httpd/server_file.c.orig 2016-10-17 10:49:16 UTC ++++ usr.sbin/httpd/server_file.c +@@ -66,7 +66,6 @@ server_file_access(struct httpd *env, st + struct http_descriptor *desc = clt->clt_descreq; + struct server_config *srv_conf = clt->clt_srv_conf; + struct stat st; +- struct kv *r, key; + char *newpath, *encodedpath; + int ret; + +@@ -146,13 +145,7 @@ server_file_access(struct httpd *env, st + goto fail; + } + +- key.kv_key = "Range"; +- r = kv_find(&desc->http_headers, &key); +- if (r != NULL) +- return (server_partial_file_request(env, clt, path, &st, +- r->kv_value)); +- else +- return (server_file_request(env, clt, path, &st)); ++ return (server_file_request(env, clt, path, &st)); + + fail: + switch (errno) {
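Review bot: In the "@@ -146,13 +145,7 @@" hunk of the embedded server_file.c patch, the now-unconditional "return (server_file_request(env, clt, path, &st));" has no in-code comment saying that the Range header is deliberately ignored, so a later port update could reinstate the kv_find() dispatch without noticing it was removed for the memory-exhaustion erratum. Suggest a one-line comment above the return that references OpenBSD 6.0 errata 17, and adding the errata URL from the commit log to the patch header, which currently identifies the erratum only by number and date. The call to server_partial_file_request() removed here may have been its only caller, so it is worth checking whether that function is now unused and, if so, stating in the patch header that it is left in place on purpose.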