tag 560779 + patch
thanks

The attached patch includes a commit from the upstream sources that fixes the 
crash.
diff -u polipo-1.0.4/debian/changelog polipo-1.0.4/debian/changelog
--- polipo-1.0.4/debian/changelog
+++ polipo-1.0.4/debian/changelog
@@ -1,3 +1,11 @@
+polipo (1.0.4-1.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Apply upstream commit to fix DoS via overly large "Content-Length"
+    header; fixes CVE CVE-2009-3305 (closes: #560779)
+
+ -- Andreas Kirschbaum <kirschb...@in-medias-res.com>  Sun, 24 Jan 2010 16:44:03 +0100
+
 polipo (1.0.4-1.1) unstable; urgency=medium
 
   * Non-maintainer upload for RC bug fix.
diff -u polipo-1.0.4/debian/patches/00list polipo-1.0.4/debian/patches/00list
--- polipo-1.0.4/debian/patches/00list
+++ polipo-1.0.4/debian/patches/00list
@@ -4,0 +5 @@
+50_integer_overflow.dpatch
only in patch2:
unchanged:
--- polipo-1.0.4.orig/debian/patches/50_integer_overflow.dpatch
+++ polipo-1.0.4/debian/patches/50_integer_overflow.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50_integer_overflow.dpatch by Andreas Kirschbaum <kirschb...@in-medias-res.com>
+##
+## DP: Fix an integer overflow in processing client connections
+
+if [ $# -lt 1 ]; then
+    echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+    exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+    -patch) patch -p1 ${patch_opts} < $0;;
+    -unpatch) patch -R -p1 ${patch_opts} < $0;;
+    *)
+	echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+	exit 1;;
+esac
+
+exit 0
+
+...@dpatch@
+--- polipo-1.0.4.orig/CHANGES
++++ polipo-1.0.4/CHANGES
+@@ -1,3 +1,7 @@
++Polipo 1.0.5 (unreleased)
++
++  * Fix a integer overflow in processing client requests.
++
+ 8 January 2008: Polipo 1.0.4:
+ 
+   * Fixed the handling of tunnels with a parent proxy (thanks to
+--- polipo-1.0.4.orig/client.c
++++ polipo-1.0.4/client.c
+@@ -978,7 +978,7 @@
+     if(connection->bodylen < 0)
+         goto fail;
+ 
+-    if(connection->bodylen + connection->reqbegin < connection->reqlen) {
++    if(connection->bodylen < connection->reqlen - connection->reqbegin) {
+         connection->reqbegin += connection->bodylen;
+         connection->bodylen = 0;
+     } else {
+
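Review bot: The rewritten test in the embedded client.c hunk, `if(connection->bodylen < connection->reqlen - connection->reqbegin)`, has no comment explaining why the subtraction form is used, so a later cleanup could restore the addition that overflows on a very large Content-Length. I would add `/* Compare by subtraction: bodylen + reqbegin can overflow for a huge Content-Length (CVE-2009-3305). */` directly above the condition. The subtraction is only safe if `reqbegin` never exceeds `reqlen` and both are non-negative. That invariant is presumably maintained by the request parser, but it is not visible here because the enclosing function starts and ends outside the hunk, so it is worth confirming or asserting before the comparison.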
