[Pkg-apache-commits] r1237 - in /trunk/apr-util: changelog patches/00list patches/016_CVE-2010-1623.dpatch

sf at alioth.debian.org sf at alioth.debian.org
Fri Oct 1 16:22:21 UTC 2010 

Author: sf
Date: Fri Oct  1 16:22:15 2010
New Revision: 1237

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1237
Log:
Fix CVE-2010-1623, release 1.3.9+dfsg-4

Added:
    trunk/apr-util/patches/016_CVE-2010-1623.dpatch   (with props)
Modified:
    trunk/apr-util/changelog
    trunk/apr-util/patches/00list

Modified: trunk/apr-util/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/changelog?rev=1237&op=diff
==============================================================================
--- trunk/apr-util/changelog (original)
+++ trunk/apr-util/changelog Fri Oct  1 16:22:15 2010
@@ -1,3 +1,10 @@
+apr-util (1.3.9+dfsg-4) unstable; urgency=high
+
+  * CVE-2010-1623: Fix denial of service vulnerability through memory
+    consumption in apr_brigade_split_line()
+
+ -- Stefan Fritsch <sf at debian.org>  Fri, 01 Oct 2010 18:19:38 +0200
+
 apr-util (1.3.9+dfsg-3) unstable; urgency=low
 
   * Update to db4.8 (closes: #550443)

Modified: trunk/apr-util/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/patches/00list?rev=1237&op=diff
==============================================================================
--- trunk/apr-util/patches/00list (original)
+++ trunk/apr-util/patches/00list Fri Oct  1 16:22:15 2010
@@ -7,4 +7,5 @@
 013_ship_find_apu.m4
 014_apu_config_dont_list_indep_libs
 015_disable_expat_buildconf.dpatch
+016_CVE-2010-1623.dpatch
 099_alternate_md4_md5_impl

Added: trunk/apr-util/patches/016_CVE-2010-1623.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr-util/patches/016_CVE-2010-1623.dpatch?rev=1237&op=file
==============================================================================
--- trunk/apr-util/patches/016_CVE-2010-1623.dpatch (added)
+++ trunk/apr-util/patches/016_CVE-2010-1623.dpatch Fri Oct  1 16:22:15 2010
@@ -1,0 +1,28 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# Fix memory consumption when receiving lots of small packages
+# CVE-2010-1623
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' lenny-apr-util~/buckets/apr_brigade.c lenny-apr-util/buckets/apr_brigade.c
+--- lenny-apr-util~/buckets/apr_brigade.c	2010-09-30 17:10:50.094743227 +0200
++++ lenny-apr-util/buckets/apr_brigade.c	2010-09-30 17:11:48.178286666 +0200
+@@ -326,7 +326,19 @@
+             return APR_SUCCESS;
+         }
+         APR_BUCKET_REMOVE(e);
+-        APR_BRIGADE_INSERT_TAIL(bbOut, e);
++        if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) {
++            APR_BRIGADE_INSERT_TAIL(bbOut, e);
++        }
++        else {
++            if (len > 0) {
++                rv = apr_brigade_write(bbOut, NULL, NULL, str, len);
++                if (rv != APR_SUCCESS) {
++                    apr_bucket_destroy(e);
++                    return rv;
++                }
++            }
++            apr_bucket_destroy(e);
++        }
+         readbytes += len;
+         /* We didn't find an APR_ASCII_LF within the maximum line length. */
+         if (readbytes >= maxbytes) {

Propchange: trunk/apr-util/patches/016_CVE-2010-1623.dpatch
------------------------------------------------------------------------------
    svn:executable = *

More information about the Pkg-apache-commits mailing list