tinyproxy: add patch for CVE-2023-49606 (#20051)
tinyproxy/tinyproxy@12a8484
This commit is contained in:
parent
b8cc78ee8d
commit
60306fe4d1
54
packages/tinyproxy/CVE-2023-49606.patch
Normal file
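--- a/packages/tinyproxy/CVE-2023-49606.patch
+++ b/packages/tinyproxy/CVE-2023-49606.patch
@@ -0,0 +1,54 @@
+From 12a8484265f7b00591293da492bb3c9987001956 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Sun, 5 May 2024 10:37:29 +0000
+Subject: [PATCH] fix potential UAF in header handling (CVE-2023-49606)
+
+https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
+
+this bug was brought to my attention today by the debian tinyproxy
+package maintainer. the above link states that the issue was known
+since last year and that maintainers have been contacted, but if
+that is even true then it probably was done via a private email
+to a potentially outdated email address of one of the maintainers,
+not through the channels described clearly on the tinyproxy homepage:
+
+> Feel free to report a new bug or suggest features via github issues.
+> Tinyproxy developers hang out in #tinyproxy on irc.libera.chat.
+
+no github issue was filed, and nobody mentioned a vulnerability on
+the mentioned IRC chat. if the issue had been reported on github or
+IRC, the bug would have been fixed within a day.
+---
+src/reqs.c | 9 +++++++--
+1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index 58c97a8..a65ed54 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -779,7 +779,7 @@ static int remove_connection_headers (orderedmap hashofheaders)
+char *data;
+char *ptr;
+ssize_t len;
+- int i;
++ int i,j,df;
+
+for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
+/* Look for the connection header. If it's not found, return. */
+@@ -804,7 +804,12 @@ static int remove_connection_headers (orderedmap hashofheaders)
+*/
+ptr = data;
+while (ptr < data + len) {
+- orderedmap_remove (hashofheaders, ptr);
++ df = 0;
++ /* check that ptr isn't one of headers to prevent
++ double-free (CVE-2023-49606) */
++ for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j)
++ if(!strcasecmp(ptr, headers[j])) df = 1;
++ if (!df) orderedmap_remove (hashofheaders, ptr);
+
+/* Advance ptr to the next token */
+ptr += strlen (ptr) + 1;
+--
+2.45.0
+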
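Review bot: In the second hunk of the embedded diff (`@@ -804,7 +804,12 @@`) the new `for (j ...)` loop keeps scanning `headers[]` after `df` is already set, and both it and the inner `if` are unbraced single statements; the tighter form would be `for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j) {` / `if (!strcasecmp (ptr, headers[j])) { df = 1; break; }` / `}`, though since this file is a verbatim copy of upstream commit 12a8484 (the `From` header matches the commit referenced in the description) it should be kept byte-identical and the point taken upstream instead. The guard only skips `orderedmap_remove` for tokens that case-insensitively match a name in `headers[]`, i.e. the case where the value being tokenized names a connection header itself; presumably that removal is what freed the `data` buffer `ptr` walks, which is the UAF the Subject describes, while the in-code comment calls it a double-free — worth knowing when reading the two together. `strcasecmp` comes from `<strings.h>`; the hunk adds no include, so reqs.c presumably already pulls it in, which is worth confirming once when the patch is first applied in the Termux build. With `TERMUX_PKG_AUTO_UPDATE=true` set in build.sh, this patch becomes redundant (or fails to apply) once the package moves to an upstream release that already contains 12a8484; a one-line comment in build.sh recording that would help whoever handles the next bump. `remove_connection_headers` begins and ends outside both hunks.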
@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Light-weight HTTP proxy daemon for POSIX operating syste
TERMUX_PKG_LICENSE="GPL-2.0"
TERMUX_PKG_MAINTAINER="@termux"
TERMUX_PKG_VERSION=1.11.1
TERMUX_PKG_REVISION=1
TERMUX_PKG_REVISION=2
TERMUX_PKG_SRCURL=https://github.com/tinyproxy/tinyproxy/releases/download/${TERMUX_PKG_VERSION}/tinyproxy-${TERMUX_PKG_VERSION}.tar.xz
TERMUX_PKG_SHA256=d66388448215d0aeb90d0afdd58ed00386fb81abc23ebac9d80e194fceb40f7c
TERMUX_PKG_AUTO_UPDATE=true