|
Line 0
Link Here
|
|
|
1 |
OpenBSD 6.0 errata 17, Jan 31, 2017 |
| 2 |
|
| 3 |
A bug in the processing of range headers in httpd can lead to memory |
| 4 |
exhaustion. This patch disables range header processing. |
| 5 |
|
| 6 |
--- usr.sbin/httpd/server_file.c.orig 2016-10-17 10:49:16 UTC |
| 7 |
+++ usr.sbin/httpd/server_file.c |
| 8 |
@@ -66,7 +66,6 @@ server_file_access(struct httpd *env, st |
| 9 |
struct http_descriptor *desc = clt->clt_descreq; |
| 10 |
struct server_config *srv_conf = clt->clt_srv_conf; |
| 11 |
struct stat st; |
| 12 |
- struct kv *r, key; |
| 13 |
char *newpath, *encodedpath; |
| 14 |
int ret; |
| 15 |
|
| 16 |
@@ -146,13 +145,7 @@ server_file_access(struct httpd *env, st |
| 17 |
goto fail; |
| 18 |
} |
| 19 |
|
| 20 |
- key.kv_key = "Range"; |
| 21 |
- r = kv_find(&desc->http_headers, &key); |
| 22 |
- if (r != NULL) |
| 23 |
- return (server_partial_file_request(env, clt, path, &st, |
| 24 |
- r->kv_value)); |
| 25 |
- else |
| 26 |
- return (server_file_request(env, clt, path, &st)); |
| 27 |
+ return (server_file_request(env, clt, path, &st)); |
| 28 |
|
| 29 |
fail: |
| 30 |
switch (errno) { |