Skip to content

Commit

Permalink
Fix stack overflow that can occur in libevhtp
Browse files Browse the repository at this point in the history 
libevhtp allocates a stack based on data length
when C99 is detected at compile time. There are
no checks to verify that the stack is big enough
which can cause a stack overflow.

Adding EVHTP_HAS_C99=false at compile time changes
this behavior by allocate to a buffer which has
proper checks in place.

More information about this bug can be found at:
Yellow-Camper/libevhtp#118
haiwen/seafile#1928

MFH:		2019Q3
  • Loading branch information
Richard Gallamore authored and Richard Gallamore committed Sep 1, 2019
1 parent 1dade77 commit bb401c1
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions www/libevhtp/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

PORTNAME= libevhtp
PORTVERSION= 1.2.16
PORTREVISION= 3
PORTREVISION= 4
CATEGORIES= www

MAINTAINER= ultima@FreeBSD.org
Expand All @@ -19,7 +19,8 @@ USE_GITHUB= yes
GH_ACCOUNT= criticalstack

CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \
-DCMAKE_LIBRARY_PATH:PATH=lib/event2
-DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
-DEVHTP_HAS_C99:BOOL=FALSE

PLIST_SUB= PORTVERSION=${PORTVERSION}

Expand Down

0 comments on commit bb401c1

Please sign in to comment.