Mercurial > hgrepos > FreeBSD > ports > net > turnserver
annotate files/patch-src_apps_relay_http__server.c @ 3:244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
On GitHub these are the corresponding commits:
- CVE-2020-6061 / TALOS-2020-0984: commit 51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
- CVE-2020-6062 / TALOS-2020-0985: commit e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
These patches are required only when the Web admin interface is activated.
But better safe than sorry...
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Thu, 26 Mar 2020 22:25:41 +0100 |
| parents | |
| children |
| rev | line source |
|---|---|
|
3
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
1 --- src/apps/relay/http_server.c.orig 2019-03-02 21:06:19 UTC |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
2 +++ src/apps/relay/http_server.c |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
3 @@ -103,36 +103,45 @@ const char* get_http_date_header() |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
4 |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
5 static struct headers_list * post_parse(char *data, size_t data_len) |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
6 { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
7 - while((*data=='\r')||(*data=='\n')) ++data; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
8 - char *post_data = (char*)calloc(data_len + 1, sizeof(char)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
9 - memcpy(post_data, data, data_len); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
10 - char *fmarker = NULL; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
11 - char *fsplit = strtok_r(post_data, "&", &fmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
12 - struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
13 - ns_bzero(list,sizeof(struct headers_list)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
14 - while (fsplit != NULL) { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
15 - char *vmarker = NULL; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
16 - char *key = strtok_r(fsplit, "=", &vmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
17 - char *value = strtok_r(NULL, "=", &vmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
18 - char empty[1]; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
19 - empty[0]=0; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
20 - value = value ? value : empty; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
21 - value = evhttp_decode_uri(value); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
22 - char *p = value; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
23 - while (*p) { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
24 - if (*p == '+') |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
25 - *p = ' '; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
26 - p++; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
27 + while((*data=='\r')||(*data=='\n')) { ++data; --data_len; } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
28 + if (data_len) { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
29 + char *post_data = (char*)calloc(data_len + 1, sizeof(char)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
30 + if (post_data != NULL) { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
31 + memcpy(post_data, data, data_len); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
32 + char *fmarker = NULL; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
33 + char *fsplit = strtok_r(post_data, "&", &fmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
34 + struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
35 + bzero(list,sizeof(struct headers_list)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
36 + while (fsplit != NULL) { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
37 + char *vmarker = NULL; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
38 + char *key = strtok_r(fsplit, "=", &vmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
39 + if (key == NULL) |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
40 + break; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
41 + else { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
42 + char *value = strtok_r(NULL, "=", &vmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
43 + char empty[1]; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
44 + empty[0]=0; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
45 + value = value ? value : empty; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
46 + value = evhttp_decode_uri(value); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
47 + char *p = value; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
48 + while (*p) { |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
49 + if (*p == '+') |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
50 + *p = ' '; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
51 + p++; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
52 + } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
53 + list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
54 + list->keys[list->n] = strdup(key); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
55 + list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
56 + list->values[list->n] = value; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
57 + ++(list->n); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
58 + fsplit = strtok_r(NULL, "&", &fmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
59 + } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
60 + } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
61 + free(post_data); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
62 + return list; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
63 } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
64 - list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
65 - list->keys[list->n] = strdup(key); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
66 - list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1)); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
67 - list->values[list->n] = value; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
68 - ++(list->n); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
69 - fsplit = strtok_r(NULL, "&", &fmarker); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
70 } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
71 - free(post_data); |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
72 - return list; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
73 + return NULL; |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
74 } |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
75 |
|
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
76 static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post) |