aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch')
-rw-r--r--meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
new file mode 100644
index 0000000000..4e2157ca75
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
@@ -0,0 +1,33 @@
+From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 8 Sep 2022 15:18:04 +0000
+Subject: [PATCH] prevent junk from showing up in error page in invalid
+ requests
+
+fixes #457
+
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
+Upstream-Status: Backport
+CVE: CVE-2022-40468
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ src/reqs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index bce69819..45db118d 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
+ goto fail;
+ }
+
++ /* zero-terminate the strings so they don't contain junk in error page */
++ request->method[0] = url[0] = request->protocol[0] = 0;
++
+ ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+ request->method, url, request->protocol);
++
+ if (ret == 2 && !strcasecmp (request->method, "GET")) {
+ request->protocol[0] = 0;
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-27 12:21:40 +0000