FreeBSD Bugzilla – Attachment 171569 Details for
Bug 210385
net/haproxy: fix CVE-2016-5360
[patch]
Haproxy patch
haproxy.patch (text/plain), 5.35 KB, created by
Piotr Kubaj
on 2016-06-19 11:20:24 UTC
Description:
Haproxy patch
Filename:
MIME Type:
Creator:
Piotr Kubaj
Created:
2016-06-19 11:20:24 UTC
Size:
5.35 KB
patch
obsolete
>Index: Makefile
>===================================================================
>--- Makefile (revision 417076)
>+++ Makefile (working copy)
>@@ -3,6 +3,7 @@
>
> PORTNAME= haproxy
> PORTVERSION= 1.6.5
>+PORTREVISION= 1
> CATEGORIES= net www
> MASTER_SITES= http://www.haproxy.org/download/1.6/src/
> DISTFILES= ${PORTNAME}-${DISTVERSION}${EXTRACT_SUFX}
>Index: files/patch-include_types_proto_http.h
>===================================================================
>--- files/patch-include_types_proto_http.h (revision 0)
>+++ files/patch-include_types_proto_http.h (working copy)
>@@ -0,0 +1,13 @@
>+Security fix for CVE-2016-5360
>+http://git.haproxy.org/?p=haproxy-1.6.git;a=commitdiff;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
>+
>+--- include/types/proto_http.h.orig Tue May 10 15:42:00 2016
>++++ include/types/proto_http.h Tue Jun 14 15:10:23 2016
>+@@ -362,7 +362,6 @@ struct http_txn {
>+ unsigned int flags; /* transaction flags */
>+ enum http_meth_t meth; /* HTTP method */
>+ /* 1 unused byte here */
>+- short rule_deny_status; /* HTTP status from rule when denying */
>+ short status; /* HTTP status from the server, negative if from proxy */
>+
>+ char *uri; /* first line if log needed, NULL otherwise */
>
>Property changes on: files/patch-include_types_proto_http.h
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-src_proto_http.c
>===================================================================
>--- files/patch-src_proto_http.c (revision 0)
>+++ files/patch-src_proto_http.c (working copy)
>@@ -0,0 +1,75 @@
>+Security fix for CVE-2016-5360
>+http://git.haproxy.org/?p=haproxy-1.6.git;a=commitdiff;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
>+
>+--- src/proto_http.c.orig Sun Dec 27 15:04:17 2015
>++++ src/proto_http.c Wed Jun 15 09:02:24 2016
>+@@ -3489,10 +3489,12 @@ static int http_transform_header(struct stream* s, str
>+ * further processing of the request (auth, deny, ...), and defaults to
>+ * HTTP_RULE_RES_STOP if it executed all rules or stopped on an allow, or
>+ * HTTP_RULE_RES_CONT if the last rule was reached. It may set the TX_CLTARPIT
>+- * on txn->flags if it encounters a tarpit rule.
>++ * on txn->flags if it encounters a tarpit rule. If <deny_status> is not NULL
>++ * and a deny/tarpit rule is matched, it will be filled with this rule's deny
>++ * status.
>+ */
>+ enum rule_result
>+-http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct stream *s)
>++http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct stream *s, int *deny_status)
>+ {
>+ struct session *sess = strm_sess(s);
>+ struct http_txn *txn = s->txn;
>+@@ -3538,12 +3540,14 @@ resume_execution:
>+ return HTTP_RULE_RES_STOP;
>+
>+ case ACT_ACTION_DENY:
>+- txn->rule_deny_status = rule->deny_status;
>++ if (deny_status)
>++ *deny_status = rule->deny_status;
>+ return HTTP_RULE_RES_DENY;
>+
>+ case ACT_HTTP_REQ_TARPIT:
>+ txn->flags |= TX_CLTARPIT;
>+- txn->rule_deny_status = rule->deny_status;
>++ if (deny_status)
>++ *deny_status = rule->deny_status;
>+ return HTTP_RULE_RES_DENY;
>+
>+ case ACT_HTTP_REQ_AUTH:
>+@@ -4302,6 +4306,7 @@ int http_process_req_common(struct stream *s, struct c
>+ struct redirect_rule *rule;
>+ struct cond_wordlist *wl;
>+ enum rule_result verdict;
>++ int deny_status = HTTP_ERR_403;
>+
>+ if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
>+ /* we need more data */
>+@@ -4322,7 +4327,7 @@ int http_process_req_common(struct stream *s, struct c
>+
>+ /* evaluate http-request rules */
>+ if (!LIST_ISEMPTY(&px->http_req_rules)) {
>+- verdict = http_req_get_intercept_rule(px, &px->http_req_rules, s);
>++ verdict = http_req_get_intercept_rule(px, &px->http_req_rules, s, &deny_status);
>+
>+ switch (verdict) {
>+ case HTTP_RULE_RES_YIELD: /* some data miss, call the function later. */
>+@@ -4368,7 +4373,7 @@ int http_process_req_common(struct stream *s, struct c
>+
>+ /* parse the whole stats request and extract the relevant information */
>+ http_handle_stats(s, req);
>+- verdict = http_req_get_intercept_rule(px, &px->uri_auth->http_req_rules, s);
>++ verdict = http_req_get_intercept_rule(px, &px->uri_auth->http_req_rules, s, &deny_status);
>+ /* not all actions implemented: deny, allow, auth */
>+
>+ if (verdict == HTTP_RULE_RES_DENY) /* stats http-request deny */
>+@@ -4487,9 +4492,9 @@ int http_process_req_common(struct stream *s, struct c
>+
>+ deny: /* this request was blocked (denied) */
>+ txn->flags |= TX_CLDENY;
>+- txn->status = http_err_codes[txn->rule_deny_status];
>++ txn->status = http_err_codes[deny_status];
>+ s->logs.tv_request = now;
>+- stream_int_retnclose(&s->si[0], http_error_message(s, txn->rule_deny_status));
>++ stream_int_retnclose(&s->si[0], http_error_message(s, deny_status));
>+ stream_inc_http_err_ctr(s);
>+ sess->fe->fe_counters.denied_req++;
>+ if (sess->fe != s->be)
>
>Property changes on: files/patch-src_proto_http.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
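Review bot: The initialiser `int deny_status = HTTP_ERR_403;` in http_process_req_common is the only thing keeping `http_err_codes[deny_status]` at the `deny:` label in bounds when no http-request rule has written a status, yet nothing in the hunk says so and the index is used without a range check. I would add a comment at the declaration, e.g. `/* default for deny paths that never go through http_req_get_intercept_rule() */`, so a later refactor does not drop the initialiser. The value stored through `*deny_status` comes from `rule->deny_status`, which is presumably restricted to valid indices by the configuration parser; that is not visible here and is worth confirming against the upstream commit referenced in the patch header. Because http_req_get_intercept_rule gains a fourth parameter and is not declared `static` in the shown context, any prototype or caller outside these hunks has to match the new signature; both function bodies continue beyond the hunks.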
Flags:
pkubaj
:
maintainer-approval?
Attachments on
bug 210385
:
171568
| 171569