[Pkg-apache-commits] r1236 - in /branches/lenny-apr-util: changelog patches/00list patches/021_CVE-2010-1623.dpatch

sf at alioth.debian.org sf at alioth.debian.org
Fri Oct 1 16:14:57 UTC 2010 

Author: sf
Date: Fri Oct  1 16:14:44 2010
New Revision: 1236

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1236
Log:
fix CVE-2010-1623

Added:
    branches/lenny-apr-util/patches/021_CVE-2010-1623.dpatch   (with props)
Modified:
    branches/lenny-apr-util/changelog
    branches/lenny-apr-util/patches/00list

Modified: branches/lenny-apr-util/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/changelog?rev=1236&op=diff
==============================================================================
--- branches/lenny-apr-util/changelog (original)
+++ branches/lenny-apr-util/changelog Fri Oct  1 16:14:44 2010
@@ -1,3 +1,10 @@
+apr-util (1.2.12+dfsg-8+lenny5) stable-security; urgency=high
+
+  * CVE-2010-1623: Fix denial of service vulnerability through memory
+    consumption in apr_brigade_split_line()
+
+ -- Stefan Fritsch <sf at debian.org>  Thu, 30 Sep 2010 17:09:37 +0200
+
 apr-util (1.2.12+dfsg-8+lenny4) stable-security; urgency=high
 
   * CVE-2009-2412: Fix overflow in RMM allocations due to alignment.

Modified: branches/lenny-apr-util/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/patches/00list?rev=1236&op=diff
==============================================================================
--- branches/lenny-apr-util/patches/00list (original)
+++ branches/lenny-apr-util/patches/00list Fri Oct  1 16:14:44 2010
@@ -10,4 +10,5 @@
 018_expat_entity_expansion.dpatch
 019_CVE-2009-1956.dpatch
 020_CVE-2009-2412
+021_CVE-2010-1623.dpatch
 099_alternate_md4_md5_impl

Added: branches/lenny-apr-util/patches/021_CVE-2010-1623.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/patches/021_CVE-2010-1623.dpatch?rev=1236&op=file
==============================================================================
--- branches/lenny-apr-util/patches/021_CVE-2010-1623.dpatch (added)
+++ branches/lenny-apr-util/patches/021_CVE-2010-1623.dpatch Fri Oct  1 16:14:44 2010
@@ -1,0 +1,28 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# Fix memory consumption when receiving lots of small packages
+# CVE-2010-1623
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' lenny-apr-util~/buckets/apr_brigade.c lenny-apr-util/buckets/apr_brigade.c
+--- lenny-apr-util~/buckets/apr_brigade.c	2010-09-30 17:10:50.094743227 +0200
++++ lenny-apr-util/buckets/apr_brigade.c	2010-09-30 17:11:48.178286666 +0200
+@@ -326,7 +326,19 @@
+             return APR_SUCCESS;
+         }
+         APR_BUCKET_REMOVE(e);
+-        APR_BRIGADE_INSERT_TAIL(bbOut, e);
++        if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) {
++            APR_BRIGADE_INSERT_TAIL(bbOut, e);
++        }
++        else {
++            if (len > 0) {
++                rv = apr_brigade_write(bbOut, NULL, NULL, str, len);
++                if (rv != APR_SUCCESS) {
++                    apr_bucket_destroy(e);
++                    return rv;
++                }
++            }
++            apr_bucket_destroy(e);
++        }
+         readbytes += len;
+         /* We didn't find an APR_ASCII_LF within the maximum line length. */
+         if (readbytes >= maxbytes) {

Propchange: branches/lenny-apr-util/patches/021_CVE-2010-1623.dpatch
------------------------------------------------------------------------------
    svn:executable = *

More information about the Pkg-apache-commits mailing list