Line 0
Link Here
|
|
|
1 |
OpenBSD 6.0 errata 17, Jan 31, 2017 |
2 |
|
3 |
A bug in the processing of range headers in httpd can lead to memory |
4 |
exhaustion. This patch disables range header processing. |
5 |
|
6 |
--- usr.sbin/httpd/server_file.c.orig 2016-10-17 10:49:16 UTC |
7 |
+++ usr.sbin/httpd/server_file.c |
8 |
@@ -66,7 +66,6 @@ server_file_access(struct httpd *env, st |
9 |
struct http_descriptor *desc = clt->clt_descreq; |
10 |
struct server_config *srv_conf = clt->clt_srv_conf; |
11 |
struct stat st; |
12 |
- struct kv *r, key; |
13 |
char *newpath, *encodedpath; |
14 |
int ret; |
15 |
|
16 |
@@ -146,13 +145,7 @@ server_file_access(struct httpd *env, st |
17 |
goto fail; |
18 |
} |
19 |
|
20 |
- key.kv_key = "Range"; |
21 |
- r = kv_find(&desc->http_headers, &key); |
22 |
- if (r != NULL) |
23 |
- return (server_partial_file_request(env, clt, path, &st, |
24 |
- r->kv_value)); |
25 |
- else |
26 |
- return (server_file_request(env, clt, path, &st)); |
27 |
+ return (server_file_request(env, clt, path, &st)); |
28 |
|
29 |
fail: |
30 |
switch (errno) { |