-rw-r--r-- | main/tinyproxy/APKBUILD | 11 | ||||
-rw-r--r-- | main/tinyproxy/tinyproxy-1.6.5-limit_headers.patch | 42 |
2 files changed, 51 insertions, 2 deletions
diff --git a/main/tinyproxy/APKBUILD b/main/tinyproxy/APKBUILD
index 4e9cf93cc13..1362ad5c15b 100644
--- a/main/tinyproxy/APKBUILD
+++ b/main/tinyproxy/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=tinyproxy
 pkgver=1.6.5
-pkgrel=7
+pkgrel=8
 pkgdesc="Lightweight HTTP proxy"
 pkgusers="tinyproxy"
 pkggroups="tinyproxy"
@@ -13,13 +13,19 @@ depends=
 makedepends=wget
 install="tinyproxy.pre-install tinyproxy.post-install"
 subpackages="$pkgname-doc"
-source="https://www.banu.com/pub/$pkgname/1.6/$pkgname-$pkgver.tar.gz
+source="https://www.banu.com/pub/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.gz
+ tinyproxy-1.6.5-limit_headers.patch
 tinyproxy.initd
 "
 _builddir="$srcdir/$pkgname-$pkgver"
 build() {
 cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
 # set default user to tinyproxy:tinyproxy and correct pidfile
 sed -i -e 's:^User.*:User tinyproxy:' \
@@ -43,4 +49,5 @@ package() {
 }
 md5sums="2b2862ba33d2939e4572688d442ba415 tinyproxy-1.6.5.tar.gz
+da3585389c4fd4ba5fae89b0e8327ee4 tinyproxy-1.6.5-limit_headers.patch
 ce2b2e3c79fa0e8491fe625bbb15710a tinyproxy.initd"
diff --git a/main/tinyproxy/tinyproxy-1.6.5-limit_headers.patch b/main/tinyproxy/tinyproxy-1.6.5-limit_headers.patch
new file mode 100644
index 00000000000..e1ca9a901ac
--- /dev/null
+++ b/main/tinyproxy/tinyproxy-1.6.5-limit_headers.patch
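Review bot: In the new patch loop inside build(), `$i` is expanded unquoted in both `msg $i` and `"$srcdir"/$i`; quoting it as `*.patch) msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;` keeps word splitting and globbing out of the path even though the current filenames contain no special characters. The loop iterates over the whole of `$source` (tarball URL and initd file included) and relies on the `*.patch` case to skip the non-patch entries, which is correct here but worth a one-line comment such as `# apply every *.patch listed in $source, in order` so the intent survives future additions to source. The rest of build() continues outside the hunk.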
@@ -0,0 +1,42 @@
+diff --git a/src/reqs.c b/src/reqs.c
+index bc77f8c..f33c450 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -864,6 +864,11 @@ add_header_to_connection(hashmap_t hashofheaders, char *header, size_t len)
+ return hashmap_insert(hashofheaders, header, sep, len);
+ }
+
++/* define max number of headers. big enough to handle legitimate cases,
++ * but limited to avoid DoS
++ */
++#define MAX_HEADERS 10000
++
+ /*
+ * Read all the headers from the stream
+ */
+@@ -873,11 +878,12 @@ get_all_headers(int fd, hashmap_t hashofheaders)
+ char *header;
+ ssize_t len;
+ unsigned int double_cgi = FALSE; /* boolean */
++ int count;
+
+ assert(fd >= 0);
+ assert(hashofheaders != NULL);
+
+- for (;;) {
++ for (count = 0; count < MAX_HEADERS; count++) {
+ if ((len = readline(fd, &header)) <= 0) {
+ safefree(header);
+ return -1;
+@@ -918,6 +924,11 @@ get_all_headers(int fd, hashmap_t hashofheaders)
+
+ safefree(header);
+ }
++
++ /* if we get there, this is we reached MAX_HEADERS count.
++ bail out with error */
++ safefree (header);
++ return -1;
+ }
+
+ /* |
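Review bot: The `safefree (header);` added after the loop releases a pointer that the loop body already freed on its final iteration (the `safefree(header);` just before the closing `}` of the loop), so it is only safe if safefree() resets its argument to NULL; if it is a plain free() wrapper this is a double free on the new bail-out path, and dropping that line (or confirming safefree() nulls the pointer and adding a comment saying so) is the conservative fix. The limit path also returns -1 with no diagnostic, making a header flood indistinguishable from an ordinary read error in the proxy log; a log entry at that point (tinyproxy's log_message(), if available in this unit) is what an operator would want to see when tuning MAX_HEADERS. The new comment should read `/* Reaching this point means MAX_HEADERS lines were read without the end of the header block: bail out with an error. */`, and `safefree (header)` should match the file's `safefree(header)` spacing. The body of get_all_headers() between the two hunks, and the function's tail after the final hunk, are outside this patch.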