Hello community,
here is the log from the commit of package tinyproxy for openSUSE:Factory checked in at 2013-07-04 18:07:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tinyproxy (Old)
and /work/SRC/openSUSE:Factory/.tinyproxy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tinyproxy"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tinyproxy/tinyproxy.changes 2012-02-23 15:34:55.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.tinyproxy.new/tinyproxy.changes 2013-07-04 18:07:07.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Jul 4 00:07:06 UTC 2013 - jengelh@inai.de
+
+- Add 110-seeding.diff, 110-headerlimit.diff to address
+ CVE-2012-3505 (bnc#776506)
+- Refresh tinyproxy-conf.patch to be in -p1 format rather than -p0
+
+-------------------------------------------------------------------
New:
----
110-headerlimit.diff
110-seeding.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tinyproxy.spec ++++++
--- /var/tmp/diff_new_pack.Q8Uqs5/_old 2013-07-04 18:07:08.000000000 +0200
+++ /var/tmp/diff_new_pack.Q8Uqs5/_new 2013-07-04 18:07:08.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package tinyproxy
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -30,7 +30,9 @@
Source: https://banu.com/pub/tinyproxy/1.8/%{name}-%{version}.tar.bz2
Source1: %{name}.logrotate
Source2: %{name}.init
-Patch0: %{name}-conf.patch
+Patch1: tinyproxy-conf.patch
+Patch2: 110-seeding.diff
+Patch3: 110-headerlimit.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# libxslt -> xsltproc
@@ -46,8 +48,8 @@
system resources for a larger proxy are unavailable.
%prep
-%setup -q -n %{name}-%{version}
-%patch0
+%setup -q
+%patch -P 1 -P 2 -P 3 -p1
%build
%configure
++++++ 110-headerlimit.diff ++++++
References: https://banu.com/bugzilla/show_bug.cgi?id=110
References: http://bugzilla.novell.com/776506
@@ -, +, @@
prevent DoS
---
src/reqs.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- a/src/reqs.c
+++ a/src/reqs.c
@@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
}
/*
+ * define max number of headers.
+ * big enough to handle legitimate cases, but limited to avoid DoS
+ */
+#define MAX_HEADERS 10000
+
+/*
* Read all the headers from the stream
*/
static int get_all_headers (int fd, hashmap_t hashofheaders)
{
char *line = NULL;
char *header = NULL;
+ int count;
char *tmp;
ssize_t linelen;
ssize_t len = 0;
@@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
assert (fd >= 0);
assert (hashofheaders != NULL);
- for (;;) {
+ for (count = 0; count < MAX_HEADERS; count++) {
if ((linelen = readline (fd, &line)) <= 0) {
safefree (header);
safefree (line);
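Review bot: The new loop bound caps the number of header lines, not the number of bytes a client can send, so the DoS protection depends on `readline()` (called on the line after the `for`) itself limiting line length; readline is outside this hunk and that property should be confirmed before treating MAX_HEADERS as the whole fix. If folded continuation lines are handled further down in the body, they are counted against the same limit, which is fine for a hard cap but means the effective number of distinct headers is lower than the macro name suggests; a comment such as `/* counts raw lines read, not distinct headers */` next to the `for` would make that explicit. get_all_headers continues past the end of this hunk.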
@@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
safefree (line);
}
+
+ /*
+ * if we get there, this is we reached MAX_HEADERS count
+ * bail out with error
+ */
+ safefree (header);
+ safefree (line);
+ return -1;
}
/*
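Review bot: The post-loop bail-out at the end of get_all_headers returns -1 silently, so an operator cannot tell a request that hit MAX_HEADERS apart from an ordinary read failure; a `log_message (LOG_WARNING, "Too many headers (limit %d), dropping request", MAX_HEADERS);` before the `return -1` would make the new limit observable in logs. The second `safefree (line)` after the loop is only safe if safefree() resets its argument to NULL after the loop body's own `safefree (line)` on the first line of this hunk — that is what the name suggests, but the macro is defined outside this patch and is worth confirming, since otherwise this path is a double free. The added comment `if we get there, this is we reached MAX_HEADERS count` is garbled; suggest `/* The loop ran MAX_HEADERS times without reaching the end of the header block: treat the request as malformed and bail out. */`.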
--
++++++ 110-seeding.diff ++++++
References: https://banu.com/bugzilla/show_bug.cgi?id=110
References: http://bugzilla.novell.com/776506
@@ -, +, @@
---
configure.ac | 2 ++
src/child.c | 1 +
src/hashmap.c | 14 ++++++++------
3 files changed, 11 insertions(+), 6 deletions(-)
Index: tinyproxy-1.8.3/configure.ac
===================================================================
--- tinyproxy-1.8.3.orig/configure.ac
+++ tinyproxy-1.8.3/configure.ac
@@ -205,6 +205,8 @@ AC_CHECK_FUNCS([gethostname inet_ntoa me
AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec])
AC_CHECK_FUNCS([strlcpy strlcat])
+AC_CHECK_FUNCS([time rand srand])
+
dnl Enable extra warnings
DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -pedantic -Wc++-compat -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common"
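Review bot: The added `AC_CHECK_FUNCS([time rand srand])` only defines HAVE_TIME, HAVE_RAND and HAVE_SRAND; the src/child.c and src/hashmap.c hunks of this same patch call srand(), time() and rand() unconditionally, so a missing function would neither fail configure nor select a fallback, and the check is effectively decorative. Either drop it or make it a hard requirement, e.g. `AC_CHECK_FUNCS([time rand srand], [], [AC_MSG_ERROR([time, rand and srand are required])])`.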
Index: tinyproxy-1.8.3/src/child.c
===================================================================
--- tinyproxy-1.8.3.orig/src/child.c
+++ tinyproxy-1.8.3/src/child.c
@@ -196,6 +196,7 @@ static void child_main (struct child_s *
}
ptr->connects = 0;
+ srand(time(NULL));
while (!config.quit) {
ptr->status = T_WAITING;
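Review bot: `srand(time(NULL));` seeds the generator from the wall-clock second, so every child whose child_main() starts in the same second draws the same rand() sequence, and the number of candidate seeds is tiny compared with the 32-bit `seed` field this series adds to hashmap_s; since that seed exists precisely to make bucket placement unpredictable (CVE-2012-3505), it should come from the kernel CSPRNG rather than from the clock. Reading sizeof(unsigned int) bytes from /dev/urandom and falling back to time() mixed with getpid() keeps the change local to this line; time(), getpid() and FILE need <time.h>, <unistd.h> and <stdio.h> in scope, which cannot be verified from this hunk. child_main() begins before this hunk.
```c
        ptr->connects = 0;
        {
                /* Seed for the per-map hash seeds drawn in hashmap_create();
                 * prefer the kernel CSPRNG, fall back to clock ^ pid. */
                unsigned int seed = (unsigned int) time (NULL) ^ (unsigned int) getpid ();
                unsigned int rnd;
                FILE *urandom = fopen ("/dev/urandom", "rb");
                if (urandom != NULL) {
                        if (fread (&rnd, sizeof rnd, 1, urandom) == 1)
                                seed ^= rnd;
                        fclose (urandom);
                }
                srand (seed);
        }
        /* … unchanged: while (!config.quit) accept loop … */
```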
Index: tinyproxy-1.8.3/src/hashmap.c
===================================================================
--- tinyproxy-1.8.3.orig/src/hashmap.c
+++ tinyproxy-1.8.3/src/hashmap.c
@@ -50,6 +50,7 @@ struct hashbucket_s {
};
struct hashmap_s {
+ uint32_t seed;
unsigned int size;
hashmap_iter end_iterator;
@@ -65,7 +66,7 @@ struct hashmap_s {
*
* If any of the arguments are invalid a negative number is returned.
*/
-static int hashfunc (const char *key, unsigned int size)
+static int hashfunc (const char *key, unsigned int size, uint32_t seed)
{
uint32_t hash;
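Review bot: The comment block above the new hashfunc signature (it starts before this hunk) still describes only the original arguments and the negative return on invalid input; the added `seed` parameter is undocumented, so a reader cannot tell whether it must be the owning map's stored `seed` or may be any value. Suggest adding a line to that block such as `* seed is the map's per-instance hash seed (hashmap_s.seed) and is mixed into the hash so that bucket placement differs between maps.`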
@@ -74,7 +75,7 @@ static int hashfunc (const char *key, un
if (size == 0)
return -ERANGE;
- for (hash = tolower (*key++); *key != '\0'; key++) {
+ for (hash = seed; *key != '\0'; key++) {
uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
hash >>= 1;
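Review bot: The context line `uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;` evaluates to `1 << 3`, i.e. 8, because sizeof yields bytes, not bits; the bit shifted out by `hash >>= 1` is re-inserted at bit 3 rather than bit 31, so the loop is not the rotate it appears to be and the high bits of `hash` receive little key-dependent input. This predates the patch but undermines exactly what the new `hash = seed` initialisation is meant to provide; `(hash & 1) ? (UINT32_C(1) << (sizeof (uint32_t) * CHAR_BIT - 1)) : 0` (CHAR_BIT from <limits.h>) restores the intended rotate. Separately, if the combining statement below the hunk folds each character in with XOR only, rotate-and-XOR is linear over GF(2) and the seed then contributes a key-independent term, so it would not change which equal-length keys produce the same full hash — the combining step should be checked before relying on seeding alone as the CVE-2012-3505 mitigation. The loop body continues past the end of this hunk.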
@@ -104,6 +105,7 @@ hashmap_t hashmap_create (unsigned int n
if (!ptr)
return NULL;
+ ptr->seed = (uint32_t)rand();
ptr->size = nbuckets;
ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
sizeof (struct
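Review bot: `ptr->seed = (uint32_t)rand();` relies on srand() having already been called in the calling process; any hashmap created before child_main() runs (for instance during startup in the parent, if hashmap_create is used there) draws from the generator's default sequence and so gets a fixed, predictable seed. A one-time lazy seeding step inside hashmap_create, or reading the seed straight from /dev/urandom here, would remove that ordering dependency and make the function self-contained. Note also that rand() returns at most RAND_MAX, commonly 2^31-1, so the top bit of the 32-bit seed is always clear; harmless, but worth a comment such as `/* seed is at most RAND_MAX wide; sufficient for bucket randomisation */`.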
@@ -201,7 +203,7 @@ hashmap_insert (hashmap_t map, const cha
if (!data || len < 1)
return -ERANGE;
- hash = hashfunc (key, map->size);
+ hash = hashfunc (key, map->size, map->seed);
if (hash < 0)
return hash;
@@ -382,7 +384,7 @@ ssize_t hashmap_search (hashmap_t map, c
if (map == NULL || key == NULL)
return -EINVAL;
- hash = hashfunc (key, map->size);
+ hash = hashfunc (key, map->size, map->seed);
if (hash < 0)
return hash;
@@ -416,7 +418,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
if (!map || !key || !data)
return -EINVAL;
- hash = hashfunc (key, map->size);
+ hash = hashfunc (key, map->size, map->seed);
if (hash < 0)
return hash;
@@ -451,7 +453,7 @@ ssize_t hashmap_remove (hashmap_t map, c
if (map == NULL || key == NULL)
return -EINVAL;
- hash = hashfunc (key, map->size);
+ hash = hashfunc (key, map->size, map->seed);
if (hash < 0)
return hash;
++++++ tinyproxy-conf.patch ++++++
--- /var/tmp/diff_new_pack.Q8Uqs5/_old 2013-07-04 18:07:08.000000000 +0200
+++ /var/tmp/diff_new_pack.Q8Uqs5/_new 2013-07-04 18:07:08.000000000 +0200
@@ -1,7 +1,14 @@
-Index: etc/tinyproxy.conf.in
+From: Christian Wittmer