On Fri, 5 May 2017 10:07:18 +0200 A backport to pyro is a very good idea because this fixes a vulnerability.
I don't know the procedure, maybe this simple mail is enough ? Best regards José Bollo [email protected] wrote: > When a connection upgrade is requested and when the > request sent an error reply, it happened most often > that a segmentation fault occured. > > The patch applied here is a backport from the > upstream (see https://gnunet.org/git/libmicrohttpd.git/ > commit b4216c60fdb5b48f6cfec416301fc63a1167e6cd). > > Change-Id: I6847550ba2c4fc24d5caf8912ac6d5ac89ae01fb > Signed-off-by: José Bollo <[email protected]> > --- > .../Check-response-existence-on-upgrade.patch | 49 > ++++++++++++++++++++++ .../libmicrohttpd/libmicrohttpd_0.9.53.bb > | 3 ++ 2 files changed, 52 insertions(+) > create mode 100644 > meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch > > diff --git > a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch > b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch > new file mode 100644 index 0000000..a02bbd4 --- /dev/null > +++ > b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch > @@ -0,0 +1,49 @@ +From: [email protected] > +Date: Thu, 4 May 2017 21:47:38 +0200 > +Subject: [PATCH] Check response existence on upgrade > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +When a connection upgrade is requested and when the > +request sent an error reply, the response is most of > +the time already sent when the test on > +connection->response->upgrade_handler is made, leading > +to dereferencing NULL. > + > +Two possibilities exist: > + > + NULL == connection->response || NULL == > connection->response->upgrade_handler + > +or > + > + NULL != connection->response && NULL == > connection->response->upgrade_handler + > +The first is prefered because it is probably safer to close the > connection +in that case. > + > +Upstream-Status: Accepted > [https://gnunet.org/git/libmicrohttpd.git/commit/?id=b4216c60fdb5b48f6cfec416301fc63a1167e6cd] > + +Change-Id: Ie6e7fc165f7fe3635ade0952bb34a0b937d38716 > +Signed-off-by: José Bollo <[email protected]> > +Signed-off-by: José Bollo <[email protected]> > +--- > + src/microhttpd/connection.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/src/microhttpd/connection.c > b/src/microhttpd/connection.c +index a495524..d39c110 100644 > +--- a/src/microhttpd/connection.c > ++++ b/src/microhttpd/connection.c > +@@ -882,7 +882,7 @@ keepalive_possible (struct MHD_Connection > *connection) > + #ifdef UPGRADE_SUPPORT > + if ( (MHD_str_equal_caseless_ (end, > + "upgrade")) && > +- (NULL == connection->response->upgrade_handler) ) > ++ (NULL == connection->response || NULL == > connection->response->upgrade_handler) ) > + return MHD_NO; > + #endif /* UPGRADE_SUPPORT */ > + > +-- > +2.9.3 > + > diff --git > a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb > b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb index > a7f032a..45f2460 100644 --- > a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb +++ > b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb @@ > -9,6 +9,9 @@ SRC_URI = > "http://ftp.gnu.org/gnu/libmicrohttpd/${BPN}-${PV}.tar.gz"; > SRC_URI[md5sum] = "5a425e993a0f5295aecb5d6607a1c242" > SRC_URI[sha256sum] = > "9b15ec2d381f44936323adfd4f989fa35add517cccbbfa581896b02a393c2cc4" > +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += " > file://Check-response-existence-on-upgrade.patch" + inherit autotools > lib_package pkgconfig gettext EXTRA_OECONF += "--disable-static > --with-gnutls=${STAGING_LIBDIR}/../" -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
