[packages/lighttpd] - rel 2; avoid SEGV when crypt() returns error in case of invalid salt or wrong lack of nss freebl m

arekm arekm at pld-linux.org
Wed Jun 5 20:00:49 CEST 2013


commit f8f98b08972c5687592a18eb8de0ca521b76629c
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Wed Jun 5 20:00:46 2013 +0200

    - rel 2; avoid SEGV when crypt() returns error in case of invalid salt or lack of nss freebl module

 lighttpd-crypt.patch | 12 ++++++++++++
 lighttpd.spec        |  4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)
---
diff --git a/lighttpd.spec b/lighttpd.spec
index ef290e6..f31ecf8 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -29,7 +29,7 @@ Summary:	Fast and light HTTP server
 Summary(pl.UTF-8):	Szybki i lekki serwer HTTP
 Name:		lighttpd
 Version:	1.4.32
-Release:	1
+Release:	2
 License:	BSD
 Group:		Networking/Daemons/HTTP
 Source0:	http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
@@ -100,6 +100,7 @@ Patch2:		%{name}-mod_h264_streaming.patch
 Patch3:		%{name}-branding.patch
 Patch5:		%{name}-mod_deflate.patch
 Patch6:		test-port-setup.patch
+Patch7:		%{name}-crypt.patch
 #Patch:		%{name}-modinit-before-fork.patch
 #Patch:		%{name}-errorlog-before-fork.patch
 URL:		http://www.lighttpd.net/
@@ -836,6 +837,7 @@ Plik monitrc do monitorowania serwera www lighttpd.
 %patch3 -p1
 %{?with_deflate:%patch5 -p1}
 %patch6 -p1
+%patch7 -p1
 
 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead
 
diff --git a/lighttpd-crypt.patch b/lighttpd-crypt.patch
new file mode 100644
index 0000000..66ad80a
--- /dev/null
+++ b/lighttpd-crypt.patch
@@ -0,0 +1,12 @@
+diff -urN lighttpd-1.4.32.org/src/http_auth.c lighttpd-1.4.32/src/http_auth.c
+--- lighttpd-1.4.32.org/src/http_auth.c	2012-05-17 11:29:24.000000000 +0200
++++ lighttpd-1.4.32/src/http_auth.c	2013-06-05 19:58:07.828450230 +0200
+@@ -688,6 +688,8 @@
+ 		salt[salt_len] = '\0';
+ 
+ 		crypted = crypt(pw, salt);
++		if (NULL == crypted)
++			return -1;
+ 
+ 		if (0 == strcmp(password->ptr, crypted)) {
+ 			return 0;
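Review bot: The added `if (NULL == crypted) return -1;` in the http_auth.c hunk fails the login silently, so a malformed or unsupported salt in the password file, or a crypt backend that cannot be loaded, looks exactly like a wrong password in the logs. crypt() sets errno when it returns NULL, so it is worth recording before returning, for example `log_error_write(srv, __FILE__, __LINE__, "ss", "crypt() failed:", strerror(errno));` (assuming `srv` is in scope here as in the rest of http_auth.c, which the hunk does not show). A short comment above the check, such as `/* crypt() returns NULL on an invalid salt or unavailable hash backend */`, would also explain why it exists. The enclosing function starts and ends outside the hunk, so reading -1 as the value callers treat as authentication failure is inferred only from the `return 0` on a match.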
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/f8f98b08972c5687592a18eb8de0ca521b76629c


