Hello community, here is the log from the commit of package tinyproxy for openSUSE:Factory checked in at 2013-07-04 18:07:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tinyproxy (Old) and /work/SRC/openSUSE:Factory/.tinyproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tinyproxy" Changes: -------- --- /work/SRC/openSUSE:Factory/tinyproxy/tinyproxy.changes 2012-02-23 15:34:55.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.tinyproxy.new/tinyproxy.changes 2013-07-04 18:07:07.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Jul 4 00:07:06 UTC 2013 - [email protected] + +- Add 110-seeding.diff, 110-headerlimit.diff to address + CVE-2012-3505 (bnc#776506) +- Refresh tinyproxy-conf.patch to be in -p1 format rather than -p0 + +------------------------------------------------------------------- New: ---- 110-headerlimit.diff 110-seeding.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tinyproxy.spec ++++++ --- /var/tmp/diff_new_pack.Q8Uqs5/_old 2013-07-04 18:07:08.000000000 +0200 +++ /var/tmp/diff_new_pack.Q8Uqs5/_new 2013-07-04 18:07:08.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package tinyproxy # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,9 @@ Source: https://banu.com/pub/tinyproxy/1.8/%{name}-%{version}.tar.bz2 Source1: %{name}.logrotate Source2: %{name}.init -Patch0: %{name}-conf.patch +Patch1: tinyproxy-conf.patch +Patch2: 110-seeding.diff +Patch3: 110-headerlimit.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build # libxslt -> xsltproc @@ -46,8 +48,8 @@ system resources for a larger proxy are unavailable. %prep -%setup -q -n %{name}-%{version} -%patch0 +%setup -q +%patch -P 1 -P 2 -P 3 -p1 %build %configure ++++++ 110-headerlimit.diff ++++++ References: https://banu.com/bugzilla/show_bug.cgi?id=110 References: http://bugzilla.novell.com/776506 @@ -, +, @@ prevent DoS --- src/reqs.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) --- a/src/reqs.c +++ a/src/reqs.c 
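Review bot: The new Patch2 (110-seeding.diff) edits configure.ac, but the %build context at the end of the last spec hunk still runs `%configure` on the tarball's pre-generated configure script, and no autoreconf call is visible in these hunks, so the added AC_CHECK_FUNCS line never reaches the build unless the spec runs autoreconf somewhere outside this view. If it does not, either add an autoreconf step (with the matching autoconf/automake BuildRequires) before `%configure`, or drop the configure.ac part of the patch, since the child.c and hashmap.c changes do not consult the HAVE_* results. The remainder of the spec, including the rest of %build, is outside these hunks.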
@@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) } /* + * define max number of headers. + * big enough to handle legitimate cases, but limited to avoid DoS + */ +#define MAX_HEADERS 10000 + +/* * Read all the headers from the stream */ static int get_all_headers (int fd, hashmap_t hashofheaders) { char *line = NULL; char *header = NULL; + int count; char *tmp; ssize_t linelen; ssize_t len = 0; @@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) assert (fd >= 0); assert (hashofheaders != NULL); - for (;;) { + for (count = 0; count < MAX_HEADERS; count++) { if ((linelen = readline (fd, &line)) <= 0) { safefree (header); safefree (line); @@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) safefree (line); } + + /* + * if we get there, this is we reached MAX_HEADERS count + * bail out with error + */ + safefree (header); + safefree (line); + return -1; } /* -- ++++++ 110-seeding.diff ++++++ References: https://banu.com/bugzilla/show_bug.cgi?id=110 References: http://bugzilla.novell.com/776506 @@ -, +, @@ --- configure.ac | 2 ++ src/child.c | 1 + src/hashmap.c | 14 ++++++++------ 3 files changed, 11 insertions(+), 6 deletions(-) Index: tinyproxy-1.8.3/configure.ac =================================================================== --- tinyproxy-1.8.3.orig/configure.ac +++ tinyproxy-1.8.3/configure.ac 
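Review bot: In the third reqs.c hunk, reaching MAX_HEADERS returns -1 exactly like a failed readline(), with no diagnostic, so an operator cannot distinguish a client sending thousands of header lines from a dropped connection; emit a log line before the `return -1;` using whatever logging helper this file already uses for rejected requests, if one exists. The comment above that return is garbled; `/* Reached MAX_HEADERS without seeing the end of the header block: treat the request as malformed and fail. */` states what the code does. Note that the cap in the first hunk bounds only the number of header lines, not their total size, and whether readline() bounds the length of a single line is not visible here, so that should be confirmed before relying on this as the full fix. The loop body of get_all_headers between the hunks is not shown.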
@@ -205,6 +205,8 @@ AC_CHECK_FUNCS([gethostname inet_ntoa me AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec]) AC_CHECK_FUNCS([strlcpy strlcat]) +AC_CHECK_FUNCS([time rand srand]) + dnl Enable extra warnings DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -pedantic -Wc++-compat -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common" Index: tinyproxy-1.8.3/src/child.c =================================================================== --- tinyproxy-1.8.3.orig/src/child.c +++ tinyproxy-1.8.3/src/child.c @@ -196,6 +196,7 @@ static void child_main (struct child_s * } ptr->connects = 0; + srand(time(NULL)); while (!config.quit) { ptr->status = T_WAITING; Index: tinyproxy-1.8.3/src/hashmap.c =================================================================== --- tinyproxy-1.8.3.orig/src/hashmap.c +++ tinyproxy-1.8.3/src/hashmap.c @@ -50,6 +50,7 @@ struct hashbucket_s { }; struct hashmap_s { + uint32_t seed; unsigned int size; hashmap_iter end_iterator; @@ -65,7 +66,7 @@ struct hashmap_s { * * If any of the arguments are invalid a negative number is returned. */ -static int hashfunc (const char *key, unsigned int size) +static int hashfunc (const char *key, unsigned int size, uint32_t seed) { uint32_t hash; @@ -74,7 +75,7 @@ static int hashfunc (const char *key, un if (size == 0) return -ERANGE; - for (hash = tolower (*key++); *key != '\0'; key++) { + for (hash = seed; *key != '\0'; key++) { uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0; hash >>= 1; 
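Review bot: `srand(time(NULL));` seeds the generator from wall-clock seconds, so every child started within the same second draws the same rand() sequence, and the per-map seed taken later in hashmap_create (`ptr->seed = (uint32_t)rand();` in the next hunk) comes from a small, time-correlated set rather than 32 unpredictable bits, which is weaker than the collision resistance this CVE-2012-3505 fix is meant to provide. Prefer filling the seed from /dev/urandom (or arc4random() where available) and only fall back to mixing time(NULL) with getpid() when that is unavailable. Any hashmap created before child_main reaches this line — for instance in the parent process — would still use the unseeded default sequence; worth confirming against the callers of hashmap_create. The hunk does not show whether child.c includes <time.h> and <stdlib.h>, which srand/time need.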
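Review bot: The seed added to the hash is largely discarded for longer keys, because the rotation in the loop body is wrong: `(1 << (sizeof (uint32_t) - 1))` evaluates to 1 << 3 == 8, not the top bit, so each iteration roughly halves `hash` and adds at most tolower(c) + 8, and after about 32 characters the contribution of `seed` has been shifted out and the seed-dependent variation that remains is confined to a narrow band of low-order values (the hash itself also shrinks towards a few-hundred-value range). That limits the collision resistance this patch adds to keys shorter than the word width. Changing the line to `uint32_t bit = (hash & 1) ? ((uint32_t) 1 << 31) : 0;` restores a real rotate-and-add; a hash with stronger mixing would be better still. The rest of hashfunc's loop body and its return statement are outside the hunk.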
@@ -104,6 +105,7 @@ hashmap_t hashmap_create (unsigned int n if (!ptr) return NULL; + ptr->seed = (uint32_t)rand(); ptr->size = nbuckets; ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets, sizeof (struct @@ -201,7 +203,7 @@ hashmap_insert (hashmap_t map, const cha if (!data || len < 1) return -ERANGE; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; @@ -382,7 +384,7 @@ ssize_t hashmap_search (hashmap_t map, c if (map == NULL || key == NULL) return -EINVAL; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; @@ -416,7 +418,7 @@ ssize_t hashmap_entry_by_key (hashmap_t if (!map || !key || !data) return -EINVAL; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; @@ -451,7 +453,7 @@ ssize_t hashmap_remove (hashmap_t map, c if (map == NULL || key == NULL) return -EINVAL; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; ++++++ tinyproxy-conf.patch ++++++ --- /var/tmp/diff_new_pack.Q8Uqs5/_old 2013-07-04 18:07:08.000000000 +0200 +++ /var/tmp/diff_new_pack.Q8Uqs5/_new 2013-07-04 18:07:08.000000000 +0200 @@ -1,7 +1,14 @@ -Index: etc/tinyproxy.conf.in +From: Christian Wittmer <[email protected]> +Date: 2012-02-23 00:17:13 +0000 + +--- + etc/tinyproxy.conf.in | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +Index: tinyproxy-1.8.3/etc/tinyproxy.conf.in =================================================================== ---- etc/tinyproxy.conf.in.orig -+++ etc/tinyproxy.conf.in +--- tinyproxy-1.8.3.orig/etc/tinyproxy.conf.in ++++ tinyproxy-1.8.3/etc/tinyproxy.conf.in @@ -12,8 +12,8 @@ # as the root user. Either the user or group name or the UID or GID # number may be used. -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
