From: Li Wang <li.w...@windriver.com> [ CQID: WIND00393362 ]
Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413) http://redmine.lighttpd.net/issues/2413 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830 Signed-off-by: Li Wang <li.w...@windriver.com> Signed-off-by: Robert Yang <liezhi.y...@windriver.com> Signed-off-by: Mark Hatle <mark.ha...@windriver.com> --- .../lighttpd-fixing-invalid-read-in-valgrind.patch | 33 ++++++++++++++++++++++ meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb | 3 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch diff --git a/meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch b/meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch new file mode 100644 index 0000000..9c2e574 --- /dev/null +++ b/meta/recipes-extended/lighttpd/files/lighttpd-fixing-invalid-read-in-valgrind.patch @@ -0,0 +1,33 @@ +lighttpd: fixing invalid read in valgrind + +Fix handling of empty header list entries in http_request_split_value, +fixing invalid read in valgrind (fixes #2413) + +http://redmine.lighttpd.net/issues/2413 +http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830 + +Signed-off-by: Li Wang <li.w...@windriver.com> +--- + src/request.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/request.c b/src/request.c +index a48bf48..e76a98f 100644 +--- a/src/request.c ++++ b/src/request.c +@@ -241,9 +241,11 @@ static int http_request_split_value(array *vals, buffer *b) { + start = s; + + for (; *s != ',' && i < b->used - 1; i++, s++); ++ if (start == s) break; /* empty fields are skipped */ + end = s - 1; + +- for (; (*end == ' ' || *end == '\t') && end > start; end--); ++ for (; end > start && (*end == ' ' || *end == '\t'); end--); ++ if (start == end) break; /* empty fields are skipped */ + + if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) { + ds = data_string_init(); +-- +1.7.0.5 + diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb index 3ae3867..c4008af 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.30.bb @@ -16,12 +16,13 @@ RDEPENDS_${PN} += " \ lighttpd-module-staticfile \ " -PR = "r0" +PR = "r1" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.bz2 \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ + file://lighttpd-fixing-invalid-read-in-valgrind.patch \ " SRC_URI[md5sum] = "63f9df52dcae0ab5689a95c99c54e48a" -- 1.8.1.2.545.g2f19ada _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
