diff options
Diffstat (limited to 'net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch')
| -rw-r--r-- | net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch deleted file mode 100644 index 059f178c1ee2..000000000000 --- a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch +++ /dev/null @@ -1,183 +0,0 @@ -https://banu.com/bugzilla/show_bug.cgi?id=110#c4 - -From 526215dbb4abb1cff9a170343fa50dbda9492eb1 Mon Sep 17 00:00:00 2001 -From: Michael Adam <obnox@samba.org> -Date: Fri, 15 Mar 2013 12:34:01 +0100 -Subject: [PATCH 1/2] [BB#110] secure the hashmaps by adding a seed - -Based on patch provided by gpernot@praksys.org on bugzilla. - -Signed-off-by: Michael Adam <obnox@samba.org> ---- - configure.ac | 2 ++ - src/child.c | 1 + - src/hashmap.c | 14 ++++++++------ - 3 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/configure.ac b/configure.ac -index ecbcba0..cc40e85 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -205,6 +205,8 @@ AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \ - AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec]) - AC_CHECK_FUNCS([strlcpy strlcat]) - -+AC_CHECK_FUNCS([time rand srand]) -+ - - dnl Enable extra warnings - DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -pedantic -Wno-overlength-strings -Wc++-compat -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common" -diff --git a/src/child.c b/src/child.c -index 34e20e0..0d778d9 100644 ---- a/src/child.c -+++ b/src/child.c -@@ -196,6 +196,7 @@ static void child_main (struct child_s *ptr) - } - - ptr->connects = 0; -+ srand(time(NULL)); - - while (!config.quit) { - ptr->status = T_WAITING; -diff --git a/src/hashmap.c b/src/hashmap.c -index f46fdcb..8cf7c6b 100644 ---- a/src/hashmap.c -+++ b/src/hashmap.c -@@ -50,6 +50,7 @@ struct hashbucket_s { - }; - - struct hashmap_s { -+ uint32_t seed; - unsigned int size; - hashmap_iter end_iterator; - -@@ -65,7 +66,7 @@ struct hashmap_s { - * - * If any of the arguments are invalid a negative number is returned. - */ --static int hashfunc (const char *key, unsigned int size) -+static int hashfunc (const char *key, unsigned int size, uint32_t seed) - { - uint32_t hash; - -@@ -74,7 +75,7 @@ static int hashfunc (const char *key, unsigned int size) - if (size == 0) - return -ERANGE; - -- for (hash = tolower (*key++); *key != '\0'; key++) { -+ for (hash = seed; *key != '\0'; key++) { - uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0; - - hash >>= 1; -@@ -104,6 +105,7 @@ hashmap_t hashmap_create (unsigned int nbuckets) - if (!ptr) - return NULL; - -+ ptr->seed = (uint32_t)rand(); - ptr->size = nbuckets; - ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets, - sizeof (struct -@@ -201,7 +203,7 @@ hashmap_insert (hashmap_t map, const char *key, const void *data, size_t len) - if (!data || len < 1) - return -ERANGE; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -382,7 +384,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key) - if (map == NULL || key == NULL) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -416,7 +418,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, void **data) - if (!map || !key || !data) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -451,7 +453,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key) - if (map == NULL || key == NULL) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - --- -1.7.9.5 - -https://banu.com/bugzilla/show_bug.cgi?id=110#c5 - -From f1189daec6866efeb44f24073cd19d7ece86e537 Mon Sep 17 00:00:00 2001 -From: Michael Adam <obnox@samba.org> -Date: Fri, 15 Mar 2013 13:10:01 +0100 -Subject: [PATCH 2/2] [BB#110] limit the number of headers per request to - prevent DoS - -Based on patch provided by gpernot@praksys.org on bugzilla. - -Signed-off-by: Michael Adam <obnox@samba.org> ---- - src/reqs.c | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/src/reqs.c b/src/reqs.c -index 2de43a8..af014ba 100644 ---- a/src/reqs.c -+++ b/src/reqs.c -@@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) - } - - /* -+ * define max number of headers. -+ * big enough to handle legitimate cases, but limited to avoid DoS -+ */ -+#define MAX_HEADERS 10000 -+ -+/* - * Read all the headers from the stream - */ - static int get_all_headers (int fd, hashmap_t hashofheaders) - { - char *line = NULL; - char *header = NULL; -+ int count; - char *tmp; - ssize_t linelen; - ssize_t len = 0; -@@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) - assert (fd >= 0); - assert (hashofheaders != NULL); - -- for (;;) { -+ for (count = 0; count < MAX_HEADERS; count++) { - if ((linelen = readline (fd, &line)) <= 0) { - safefree (header); - safefree (line); -@@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) - - safefree (line); - } -+ -+ /* -+ * if we get there, this is we reached MAX_HEADERS count -+ * bail out with error -+ */ -+ safefree (header); -+ safefree (line); -+ return -1; - } - - /* --- -1.7.9.5 |