diff options
author | Zach van Rijn <me@zv.io> | 2022-01-14 04:38:01 +0000 |
---|---|---|
committer | Zach van Rijn <me@zv.io> | 2022-10-21 18:33:57 -0500 |
commit | 13c05c4fcba68506963e3fd739dd1a388fbc45a2 (patch) | |
tree | 8c195210982c9f865e6230500b5394329ba38d66 /user/libproxy/CVE-2020-25219.patch | |
parent | 4a44f20744b33efe6e4cc72bdc08fcdbedae779b (diff) | |
download | packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.tar.gz packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.tar.bz2 packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.tar.xz packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.zip |
user/libproxy: bump { 0.4.15 --> 0.4.17 }, fix build with Python 3.10
Diffstat (limited to 'user/libproxy/CVE-2020-25219.patch')
-rw-r--r-- | user/libproxy/CVE-2020-25219.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch deleted file mode 100644 index 03cfbc00e..000000000 --- a/user/libproxy/CVE-2020-25219.patch +++ /dev/null @@ -1,57 +0,0 @@ -From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@gnome.org> -Date: Wed, 9 Sep 2020 11:12:02 -0500 -Subject: [PATCH] Rewrite url::recvline to be nonrecursive - -This function processes network input. It's semi-trusted, because the -PAC ought to be trusted. But we still shouldn't allow it to control how -far we recurse. A malicious PAC can cause us to overflow the stack by -sending a sufficiently-long line without any '\n' character. - -Also, this function failed to properly handle EINTR, so let's fix that -too, for good measure. - -Fixes #134 ---- - libproxy/url.cpp | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/libproxy/url.cpp b/libproxy/url.cpp -index ee776b2..68d69cd 100644 ---- a/libproxy/url.cpp -+++ b/libproxy/url.cpp -@@ -388,16 +388,24 @@ string url::to_string() const { - return m_orig; - } - --static inline string recvline(int fd) { -- // Read a character. -- // If we don't get a character, return empty string. -- // If we are at the end of the line, return empty string. -- char c = '\0'; -- -- if (recv(fd, &c, 1, 0) != 1 || c == '\n') -- return ""; -- -- return string(1, c) + recvline(fd); -+static string recvline(int fd) { -+ string line; -+ int ret; -+ -+ // Reserve arbitrary amount of space to avoid small memory reallocations. -+ line.reserve(128); -+ -+ do { -+ char c; -+ ret = recv(fd, &c, 1, 0); -+ if (ret == 1) { -+ if (c == '\n') -+ return line; -+ line += c; -+ } -+ } while (ret == 1 || (ret == -1 && errno == EINTR)); -+ -+ return line; - } - - char* url::get_pac() { |