[OE-core] [denzil 16/18] lighttpd: fixing invalid read in valgrind

Mark Hatle mark.hatle at windriver.com
Thu Feb 7 23:56:43 UTC 2013


From: Li Wang <li.wang at windriver.com>

[ CQID: WIND00393362 ]

Fix handling of empty header list entries in http_request_split_value,
fixing invalid read in valgrind (fixes #2413)

http://redmine.lighttpd.net/issues/2413
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830

Signed-off-by: Li Wang <li.wang at windriver.com>
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
---
 .../lighttpd-fixing-invalid-read-in-valgrind.patch | 33 ++++++++++++++++++++++
 meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb  |  3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch

diff --git a/meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch b/meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch
new file mode 100644
index 0000000..9c2e574
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch
@@ -0,0 +1,33 @@
+lighttpd: fixing invalid read in valgrind
+
+Fix handling of empty header list entries in http_request_split_value,
+fixing invalid read in valgrind (fixes #2413)
+
+http://redmine.lighttpd.net/issues/2413
+http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830
+
+Signed-off-by: Li Wang <li.wang at windriver.com>
+---
+ src/request.c |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/src/request.c b/src/request.c
+index a48bf48..e76a98f 100644
+--- a/src/request.c
++++ b/src/request.c
+@@ -241,9 +241,11 @@ static int http_request_split_value(array *vals, buffer *b) {
+ 			start = s;
+ 
+ 			for (; *s != ',' && i < b->used - 1; i++, s++);
++			if (start == s) break; /* empty fields are skipped */
+ 			end = s - 1;
+ 
+-			for (; (*end == ' ' || *end == '\t') && end > start; end--);
++			for (; end > start && (*end == ' ' || *end == '\t'); end--);
++			if (start == end) break; /* empty fields are skipped */
+ 
+ 			if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) {
+ 				ds = data_string_init();
+-- 
+1.7.0.5
+
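Review bot: in the src/request.c change, the second added check `if (start == end) break;` fires whenever exactly one byte is left after the trim loop, because `end` starts at `s - 1`, so a one-character field would be dropped along with truly empty ones. The first added check (`start == s`) already covers the zero-length case; consider testing the remaining byte for ' ' or '\t' before breaking, or say in the comment why a lone byte at `start` can only be whitespace. The unchanged loop `for (; *s != ',' && i < b->used - 1; i++, s++);` also still dereferences `*s` before the bound test, unlike the reordered trim loop below it. Separately, the patch header cites upstream revision 2830 but carries no Upstream-Status line; adding `Upstream-Status: Backport` would record where the fix came from.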
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb
index 3ae3867..c4008af 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb
@@ -16,12 +16,13 @@ RDEPENDS_${PN} += " \
                lighttpd-module-staticfile \
 "
 
-PR = "r0"
+PR = "r1"
 
 SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.bz2 \
         file://index.html.lighttpd \
         file://lighttpd.conf \
         file://lighttpd \
+        file://lighttpd-fixing-invalid-read-in-valgrind.patch \
 "
 
 SRC_URI[md5sum] = "63f9df52dcae0ab5689a95c99c54e48a"
-- 
1.8.1.2.545.g2f19ada




