Merge pull request #9894 from BKPepe/keepalived-18.06
[OpenWrt 18.06] keepalived: Update to version 1.4.5
This commit is contained in:
Florian Eckert
GitHub
commit
6014389c55
2 changed files with 61 additions and 4 deletions
|
|
@ -8,12 +8,12 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=keepalived
|
||||
PKG_VERSION:=1.4.4
|
||||
PKG_VERSION:=1.4.5
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://www.keepalived.org/software
|
||||
PKG_HASH:=147c2b3b782223128551fd0a1564eaa30ed84a94b68c50ec5087747941314704
|
||||
PKG_SOURCE_URL:=https://www.keepalived.org/software
|
||||
PKG_HASH:=c7be18f6f90c8da6cc18cd8a90971b7a7da3823df091fcc7500d130fdb010c4d
|
||||
|
||||
PKG_LICENSE:=GPL-2.0+
|
||||
PKG_LICENSE_FILES:=COPYING
|
||||
|
|
@ -29,7 +29,7 @@ define Package/keepalived
|
|||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
TITLE:=Failover and monitoring daemon for LVS clusters
|
||||
URL:=http://www.keepalived.org/
|
||||
URL:=https://www.keepalived.org/
|
||||
DEPENDS:= \
|
||||
+PACKAGE_libnl-genl:libnl-genl \
|
||||
+libopenssl \
|
||||
|
|
|
|||
|
|
@ -0,0 +1,57 @@
|
|||
From f28015671a4b04785859d1b4b1327b367b6a10e9 Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Armitage <quentin@armitage.org.uk>
|
||||
Date: Tue, 24 Jul 2018 09:28:43 +0100
|
||||
Subject: [PATCH] Fix buffer overflow in extract_status_code()
|
||||
|
||||
Issue #960 identified that the buffer allocated for copying the
|
||||
HTTP status code could overflow if the http response was corrupted.
|
||||
|
||||
This commit changes the way the status code is read, avoids copying
|
||||
data, and also ensures that the status code is three digits long,
|
||||
is non-negative and occurs on the first line of the response.
|
||||
|
||||
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
||||
---
|
||||
lib/html.c | 23 +++++++++--------------
|
||||
1 file changed, 9 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/html.c b/lib/html.c
|
||||
index 5a3eaeac..69d3bd2d 100644
|
||||
--- a/lib/html.c
|
||||
+++ b/lib/html.c
|
||||
@@ -58,23 +58,18 @@ size_t extract_content_length(char *buffer, size_t size)
|
||||
*/
|
||||
int extract_status_code(char *buffer, size_t size)
|
||||
{
|
||||
- char *buf_code;
|
||||
- char *begin;
|
||||
char *end = buffer + size;
|
||||
- size_t inc = 0;
|
||||
- int code;
|
||||
-
|
||||
- /* Allocate the room */
|
||||
- buf_code = (char *)MALLOC(10);
|
||||
+ unsigned long code;
|
||||
|
||||
/* Status-Code extraction */
|
||||
- while (buffer < end && *buffer++ != ' ') ;
|
||||
- begin = buffer;
|
||||
- while (buffer < end && *buffer++ != ' ')
|
||||
- inc++;
|
||||
- strncat(buf_code, begin, inc);
|
||||
- code = atoi(buf_code);
|
||||
- FREE(buf_code);
|
||||
+ while (buffer < end && *buffer != ' ' && *buffer != '\r')
|
||||
+ buffer++;
|
||||
+ buffer++;
|
||||
+ if (buffer + 3 >= end || *buffer == ' ' || buffer[3] != ' ')
|
||||
+ return 0;
|
||||
+ code = strtoul(buffer, &end, 10);
|
||||
+ if (buffer + 3 != end)
|
||||
+ return 0;
|
||||
return code;
|
||||
}
|
||||
|
||||
--
|
||||
2.20.1
|
||||
|
||||
Loading…
Reference in a new issue