Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 1 Sep 2019 17:24:53 -0700
From:      Ultima <ultima@ultimasbox.com>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org,  svn-ports-head@freebsd.org
Subject:   Re: svn commit: r510747 - head/www/libevhtp
Message-ID:  <CANJ8om60aeLwCPT2oyCWJf4ktc03tetymk=Wu6mgLUiXa31fjQ@mail.gmail.com>
In-Reply-To: <201909012248.x81MmkOA034522@repo.freebsd.org>
References:  <201909012248.x81MmkOA034522@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Had my vocabulary mixed up on the commit message,
stack = buffer and buffer = heap.

On Sun, Sep 1, 2019 at 3:48 PM Richard Gallamore <ultima@freebsd.org> wrote:

> Author: ultima
> Date: Sun Sep  1 22:48:46 2019
> New Revision: 510747
> URL: https://svnweb.freebsd.org/changeset/ports/510747
>
> Log:
>   Fix stack overflow that can occur in libevhtp
>
>   libevhtp allocates a stack based on data length
>   when C99 is detected at compile time. There are
>   no checks to verify that the stack is big enough
>   which can cause a stack overflow.
>
>   Adding EVHTP_HAS_C99=false at compile time changes
>   this behavior by allocate to a buffer which has
>   proper checks in place.
>
>   More information about this bug can be found at:
>   https://github.com/criticalstack/libevhtp/issues/118
>   https://github.com/haiwen/seafile/issues/1928
>
>   MFH:          2019Q3
>
> Modified:
>   head/www/libevhtp/Makefile
>
> Modified: head/www/libevhtp/Makefile
>
> ==============================================================================
> --- head/www/libevhtp/Makefile  Sun Sep  1 21:48:44 2019        (r510746)
> +++ head/www/libevhtp/Makefile  Sun Sep  1 22:48:46 2019        (r510747)
> @@ -2,7 +2,7 @@
>
>  PORTNAME=      libevhtp
>  PORTVERSION=   1.2.16
> -PORTREVISION=  3
> +PORTREVISION=  4
>  CATEGORIES=    www
>
>  MAINTAINER=    ultima@FreeBSD.org
> @@ -19,7 +19,8 @@ USE_GITHUB=   yes
>  GH_ACCOUNT=    criticalstack
>
>  CMAKE_ARGS=    -DCMAKE_INCLUDE_PATH:PATH=include/event2 \
> -               -DCMAKE_LIBRARY_PATH:PATH=lib/event2
> +               -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
> +               -DEVHTP_HAS_C99:BOOL=FALSE
>
>  PLIST_SUB=     PORTVERSION=${PORTVERSION}
>
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANJ8om60aeLwCPT2oyCWJf4ktc03tetymk=Wu6mgLUiXa31fjQ>