Gentoo Archives: gentoo-commits

From: "Jeroen Roovers (jer)" <jer@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-proxy/tinyproxy/files: tinyproxy-1.8.3-DoS-Prevention.patch tinyproxy-1.8.3-r2-DoS-Prevention.patch
Date: Sat, 31 Aug 2013 16:44:18
Message-Id: 20130831164415.5033F2004C@flycatcher.gentoo.org
1 jer 13/08/31 16:44:15
2
3 Added: tinyproxy-1.8.3-DoS-Prevention.patch
4 Removed: tinyproxy-1.8.3-r2-DoS-Prevention.patch
5 Log:
6 Fix patch name (Gentoo revisions do not make sense).
7
8 (Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key A792A613)
9
10 Revision Changes Path
11 1.1 net-proxy/tinyproxy/files/tinyproxy-1.8.3-DoS-Prevention.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/tinyproxy/files/tinyproxy-1.8.3-DoS-Prevention.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/tinyproxy/files/tinyproxy-1.8.3-DoS-Prevention.patch?rev=1.1&content-type=text/plain
15
16 Index: tinyproxy-1.8.3-DoS-Prevention.patch
17 ===================================================================
18 https://banu.com/bugzilla/show_bug.cgi?id=110#c4
19
20 From 526215dbb4abb1cff9a170343fa50dbda9492eb1 Mon Sep 17 00:00:00 2001
21 From: Michael Adam <obnox@×××××.org>
22 Date: Fri, 15 Mar 2013 12:34:01 +0100
23 Subject: [PATCH 1/2] [BB#110] secure the hashmaps by adding a seed
24
25 Based on patch provided by gpernot@×××××××.org on bugzilla.
26
27 Signed-off-by: Michael Adam <obnox@×××××.org>
28 ---
29 configure.ac | 2 ++
30 src/child.c | 1 +
31 src/hashmap.c | 14 ++++++++------
32 3 files changed, 11 insertions(+), 6 deletions(-)
33
34 diff --git a/configure.ac b/configure.ac
35 index ecbcba0..cc40e85 100644
36 --- a/configure.ac
37 +++ b/configure.ac
38 @@ -205,6 +205,8 @@ AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \
39 AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec])
40 AC_CHECK_FUNCS([strlcpy strlcat])
41
42 +AC_CHECK_FUNCS([time rand srand])
43 +
44
45 dnl Enable extra warnings
46 DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -pedantic -Wno-overlength-strings -Wc++-compat -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common"
47 diff --git a/src/child.c b/src/child.c
48 index 34e20e0..0d778d9 100644
49 --- a/src/child.c
50 +++ b/src/child.c
51 @@ -196,6 +196,7 @@ static void child_main (struct child_s *ptr)
52 }
53
54 ptr->connects = 0;
55 + srand(time(NULL));
56
57 while (!config.quit) {
58 ptr->status = T_WAITING;
59 diff --git a/src/hashmap.c b/src/hashmap.c
60 index f46fdcb..8cf7c6b 100644
61 --- a/src/hashmap.c
62 +++ b/src/hashmap.c
63 @@ -50,6 +50,7 @@ struct hashbucket_s {
64 };
65
66 struct hashmap_s {
67 + uint32_t seed;
68 unsigned int size;
69 hashmap_iter end_iterator;
70
71 @@ -65,7 +66,7 @@ struct hashmap_s {
72 *
73 * If any of the arguments are invalid a negative number is returned.
74 */
75 -static int hashfunc (const char *key, unsigned int size)
76 +static int hashfunc (const char *key, unsigned int size, uint32_t seed)
77 {
78 uint32_t hash;
79
80 @@ -74,7 +75,7 @@ static int hashfunc (const char *key, unsigned int size)
81 if (size == 0)
82 return -ERANGE;
83
84 - for (hash = tolower (*key++); *key != '\0'; key++) {
85 + for (hash = seed; *key != '\0'; key++) {
86 uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
87
88 hash >>= 1;
89 @@ -104,6 +105,7 @@ hashmap_t hashmap_create (unsigned int nbuckets)
90 if (!ptr)
91 return NULL;
92
93 + ptr->seed = (uint32_t)rand();
94 ptr->size = nbuckets;
95 ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
96 sizeof (struct
97 @@ -201,7 +203,7 @@ hashmap_insert (hashmap_t map, const char *key, const void *data, size_t len)
98 if (!data || len < 1)
99 return -ERANGE;
100
101 - hash = hashfunc (key, map->size);
102 + hash = hashfunc (key, map->size, map->seed);
103 if (hash < 0)
104 return hash;
105
106 @@ -382,7 +384,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key)
107 if (map == NULL || key == NULL)
108 return -EINVAL;
109
110 - hash = hashfunc (key, map->size);
111 + hash = hashfunc (key, map->size, map->seed);
112 if (hash < 0)
113 return hash;
114
115 @@ -416,7 +418,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, void **data)
116 if (!map || !key || !data)
117 return -EINVAL;
118
119 - hash = hashfunc (key, map->size);
120 + hash = hashfunc (key, map->size, map->seed);
121 if (hash < 0)
122 return hash;
123
124 @@ -451,7 +453,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key)
125 if (map == NULL || key == NULL)
126 return -EINVAL;
127
128 - hash = hashfunc (key, map->size);
129 + hash = hashfunc (key, map->size, map->seed);
130 if (hash < 0)
131 return hash;
132
133 --
134 1.7.9.5
135
136 https://banu.com/bugzilla/show_bug.cgi?id=110#c5
137
138 From f1189daec6866efeb44f24073cd19d7ece86e537 Mon Sep 17 00:00:00 2001
139 From: Michael Adam <obnox@×××××.org>
140 Date: Fri, 15 Mar 2013 13:10:01 +0100
141 Subject: [PATCH 2/2] [BB#110] limit the number of headers per request to
142 prevent DoS
143
144 Based on patch provided by gpernot@×××××××.org on bugzilla.
145
146 Signed-off-by: Michael Adam <obnox@×××××.org>
147 ---
148 src/reqs.c | 17 ++++++++++++++++-
149 1 file changed, 16 insertions(+), 1 deletion(-)
150
151 diff --git a/src/reqs.c b/src/reqs.c
152 index 2de43a8..af014ba 100644
153 --- a/src/reqs.c
154 +++ b/src/reqs.c
155 @@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
156 }
157
158 /*
159 + * define max number of headers.
160 + * big enough to handle legitimate cases, but limited to avoid DoS
161 + */
162 +#define MAX_HEADERS 10000
163 +
164 +/*
165 * Read all the headers from the stream
166 */
167 static int get_all_headers (int fd, hashmap_t hashofheaders)
168 {
169 char *line = NULL;
170 char *header = NULL;
171 + int count;
172 char *tmp;
173 ssize_t linelen;
174 ssize_t len = 0;
175 @@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
176 assert (fd >= 0);
177 assert (hashofheaders != NULL);
178
179 - for (;;) {
180 + for (count = 0; count < MAX_HEADERS; count++) {
181 if ((linelen = readline (fd, &line)) <= 0) {
182 safefree (header);
183 safefree (line);
184 @@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
185
186 safefree (line);
187 }
188 +
189 + /*
190 + * if we get there, this is we reached MAX_HEADERS count
191 + * bail out with error
192 + */
193 + safefree (header);
194 + safefree (line);
195 + return -1;
196 }
197
198 /*
199 --
200 1.7.9.5