[oe] [PATCH] libmicrohttpd: Fix a segmentation fault on upgrade error
José Bollo
jobol at nonadev.net
Fri May 5 08:26:20 UTC 2017
On Fri, 5 May 2017 10:07:18 +0200
A backport to pyro is a very good idea because this fixes a
vulnerability.
I don't know the procedure, maybe this simple mail is enough ?
Best regards
José Bollo
jobol at nonadev.net wrote:
> When a connection upgrade is requested and when the
> request sent an error reply, it happened most often
> that a segmentation fault occured.
>
> The patch applied here is a backport from the
> upstream (see https://gnunet.org/git/libmicrohttpd.git/
> commit b4216c60fdb5b48f6cfec416301fc63a1167e6cd).
>
> Change-Id: I6847550ba2c4fc24d5caf8912ac6d5ac89ae01fb
> Signed-off-by: José Bollo <jose.bollo at iot.bzh>
> ---
> .../Check-response-existence-on-upgrade.patch | 49
> ++++++++++++++++++++++ .../libmicrohttpd/libmicrohttpd_0.9.53.bb
> | 3 ++ 2 files changed, 52 insertions(+)
> create mode 100644
> meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch
>
> diff --git
> a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch
> b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch
> new file mode 100644 index 0000000..a02bbd4 --- /dev/null
> +++
> b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd/Check-response-existence-on-upgrade.patch
> @@ -0,0 +1,49 @@ +From: jose.bollo at iot.bzh
> +Date: Thu, 4 May 2017 21:47:38 +0200
> +Subject: [PATCH] Check response existence on upgrade
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +When a connection upgrade is requested and when the
> +request sent an error reply, the response is most of
> +the time already sent when the test on
> +connection->response->upgrade_handler is made, leading
> +to dereferencing NULL.
> +
> +Two possibilities exist:
> +
> + NULL == connection->response || NULL ==
> connection->response->upgrade_handler +
> +or
> +
> + NULL != connection->response && NULL ==
> connection->response->upgrade_handler +
> +The first is prefered because it is probably safer to close the
> connection +in that case.
> +
> +Upstream-Status: Accepted
> [https://gnunet.org/git/libmicrohttpd.git/commit/?id=b4216c60fdb5b48f6cfec416301fc63a1167e6cd]
> + +Change-Id: Ie6e7fc165f7fe3635ade0952bb34a0b937d38716
> +Signed-off-by: José Bollo <jobol at nonadev.net>
> +Signed-off-by: José Bollo <jose.bollo at iot.bzh>
> +---
> + src/microhttpd/connection.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/microhttpd/connection.c
> b/src/microhttpd/connection.c +index a495524..d39c110 100644
> +--- a/src/microhttpd/connection.c
> ++++ b/src/microhttpd/connection.c
> +@@ -882,7 +882,7 @@ keepalive_possible (struct MHD_Connection
> *connection)
> + #ifdef UPGRADE_SUPPORT
> + if ( (MHD_str_equal_caseless_ (end,
> + "upgrade")) &&
> +- (NULL == connection->response->upgrade_handler) )
> ++ (NULL == connection->response || NULL ==
> connection->response->upgrade_handler) )
> + return MHD_NO;
> + #endif /* UPGRADE_SUPPORT */
> +
> +--
> +2.9.3
> +
> diff --git
> a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb
> b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb index
> a7f032a..45f2460 100644 ---
> a/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb +++
> b/meta-oe/recipes-support/libmicrohttpd/libmicrohttpd_0.9.53.bb @@
> -9,6 +9,9 @@ SRC_URI =
> "http://ftp.gnu.org/gnu/libmicrohttpd/${BPN}-${PV}.tar.gz"
> SRC_URI[md5sum] = "5a425e993a0f5295aecb5d6607a1c242"
> SRC_URI[sha256sum] =
> "9b15ec2d381f44936323adfd4f989fa35add517cccbbfa581896b02a393c2cc4"
> +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += "
> file://Check-response-existence-on-upgrade.patch" + inherit autotools
> lib_package pkgconfig gettext EXTRA_OECONF += "--disable-static
> --with-gnutls=${STAGING_LIBDIR}/../"
More information about the Openembedded-devel
mailing list