Diffstat (limited to 'gnu/packages/patches/libupnp-CVE-2016-6255.patch')
-rw-r--r-- | gnu/packages/patches/libupnp-CVE-2016-6255.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
deleted file mode 100644
index c9a3fa284c..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2016-6255:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
-http://www.openwall.com/lists/oss-security/2016/07/18/13
-
-Patch adapted from upstream commit:
-
-https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
-
-The upstream change is simplified to unconditionally disable the HTTP
-POST feature.
-
-From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@srcf.ucam.org>
-Date: Tue, 23 Feb 2016 13:53:20 -0800
-Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
- default
-
-If there's no registered handler for a POST request, the default behaviour
-is to write it to the filesystem. Several million deployed devices appear
-to have this behaviour, making it possible to (at least) store arbitrary
-data on them. Add a configure option that enables this behaviour, and change
-the default to just drop POSTs that aren't directly handled.
-
-Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
-(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
----
- configure.ac | 9 +++++++++
- upnp/inc/upnpconfig.h.in | 9 +++++++++
- upnp/src/genlib/net/http/webserver.c | 4 ++++
- 3 files changed, 22 insertions(+)
-
-diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
-index 26bf0f7..7ae8c1e 100644
---- a/upnp/src/genlib/net/http/webserver.c
-+++ b/upnp/src/genlib/net/http/webserver.c
-@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
- if (Fp == NULL)
- return HTTP_INTERNAL_SERVER_ERROR;
- } else {
-+#if 0
- Fp = fopen(filename, "wb");
- if (Fp == NULL)
- return HTTP_UNAUTHORIZED;
-+#else
-+ return HTTP_NOT_FOUND;
-+#endif
- }
- parser->position = POS_ENTITY;
- do { |