summaryrefslogtreecommitdiff
path: root/user/libproxy/CVE-2020-25219.patch
diff options
context:
space:
mode:
authorZach van Rijn <me@zv.io>2022-01-14 04:38:01 +0000
committerZach van Rijn <me@zv.io>2022-10-21 18:33:57 -0500
commit13c05c4fcba68506963e3fd739dd1a388fbc45a2 (patch)
tree8c195210982c9f865e6230500b5394329ba38d66 /user/libproxy/CVE-2020-25219.patch
parent4a44f20744b33efe6e4cc72bdc08fcdbedae779b (diff)
downloadpackages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.tar.gz
packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.tar.bz2
packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.tar.xz
packages-13c05c4fcba68506963e3fd739dd1a388fbc45a2.zip
user/libproxy: bump { 0.4.15 --> 0.4.17 }, fix build with Python 3.10
Diffstat (limited to 'user/libproxy/CVE-2020-25219.patch')
-rw-r--r--user/libproxy/CVE-2020-25219.patch57
1 files changed, 0 insertions, 57 deletions
diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 03cfbc00e..000000000
--- a/user/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-
-Fixes #134
----
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
- return m_orig;
- }
-
--static inline string recvline(int fd) {
-- // Read a character.
-- // If we don't get a character, return empty string.
-- // If we are at the end of the line, return empty string.
-- char c = '\0';
--
-- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
-- return "";
--
-- return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+ string line;
-+ int ret;
-+
-+ // Reserve arbitrary amount of space to avoid small memory reallocations.
-+ line.reserve(128);
-+
-+ do {
-+ char c;
-+ ret = recv(fd, &c, 1, 0);
-+ if (ret == 1) {
-+ if (c == '\n')
-+ return line;
-+ line += c;
-+ }
-+ } while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+ return line;
- }
-
- char* url::get_pac() {