From f8f98b08972c5687592a18eb8de0ca521b76629c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?=
Date: Wed, 5 Jun 2013 20:00:46 +0200
Subject: [PATCH] - rel 2; avoid SEGV when crypt() returns error in case of invalid salt or wrong lack of nss freebl module
---
 lighttpd-crypt.patch | 12 ++++++++++++
 lighttpd.spec | 4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 lighttpd-crypt.patch
diff --git a/lighttpd-crypt.patch b/lighttpd-crypt.patch
new file mode 100644
index 0000000..66ad80a
--- /dev/null
+++ b/lighttpd-crypt.patch
@@ -0,0 +1,12 @@
+diff -urN lighttpd-1.4.32.org/src/http_auth.c lighttpd-1.4.32/src/http_auth.c
+--- lighttpd-1.4.32.org/src/http_auth.c 2012-05-17 11:29:24.000000000 +0200
++++ lighttpd-1.4.32/src/http_auth.c 2013-06-05 19:58:07.828450230 +0200
+@@ -688,6 +688,8 @@
+ salt[salt_len] = '\0';
+
+ crypted = crypt(pw, salt);
++ if (NULL == crypted)
++ return -1;
+
+ if (0 == strcmp(password->ptr, crypted)) {
+ return 0;
diff --git a/lighttpd.spec b/lighttpd.spec
index ef290e6..f31ecf8 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -29,7 +29,7 @@ Summary: Fast and light HTTP server
 Summary(pl.UTF-8): Szybki i lekki serwer HTTP
 Name: lighttpd
 Version: 1.4.32
-Release: 1
+Release: 2
 License: BSD
 Group: Networking/Daemons/HTTP
 Source0: http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
@@ -100,6 +100,7 @@ Patch2: %{name}-mod_h264_streaming.patch
 Patch3: %{name}-branding.patch
 Patch5: %{name}-mod_deflate.patch
 Patch6: test-port-setup.patch
+Patch7: %{name}-crypt.patch
 #Patch: %{name}-modinit-before-fork.patch
 #Patch: %{name}-errorlog-before-fork.patch
 URL: http://www.lighttpd.net/
@@ -836,6 +837,7 @@ Plik monitrc do monitorowania serwera www lighttpd.
 %patch3 -p1
 %{?with_deflate:%patch5 -p1}
 %patch6 -p1
+%patch7 -p1
 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead
-- 
2.44.0
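Review bot: The added `if (NULL == crypted) return -1;` in the http_auth.c hunk rejects the login silently, so a malformed salt in the password file or an unavailable crypt backend looks exactly like a wrong password in the server log. Returning -1 appears to be the reject path (a match returns 0 just below), so the check fails closed, which is the right outcome; what is missing is a diagnostic, and braces around the body to match the braced `if` that follows. Assuming the enclosing function has the `srv` handle in scope, which the hunk does not show, something like `if (NULL == crypted) { log_error_write(srv, __FILE__, __LINE__, "s", "crypt() failed"); return -1; }` would do, keeping `pw` and the salt out of the message. The enclosing function starts and ends outside the hunk.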