Wed May 21 13:01:02 2008 UTC ()
Pullup ticket 2391 - requested by joerg
Security fix for lighttpd

Revisions pulled up:
- www/lighttpd/Makefile		1.21
- www/lighttpd/distinfo		1.14
- www/lighttpd/patches/patch-aa	1.9
- www/lighttpd/patches/patch-ac	1.5

    Module Name:	pkgsrc
    Committed By:	joerg
    Date:		Fri Apr 25 19:58:17 UTC 2008

    Modified Files:
	pkgsrc/www/lighttpd: distinfo
    Added Files:
	pkgsrc/www/lighttpd/patches: patch-aa patch-ac

    Log Message:
    Fix a potential DOS when using SSL. Bump revision.
---
    Module Name:	pkgsrc
    Committed By:	joerg
    Date:		Tue May 20 14:22:50 UTC 2008

    Modified Files:
	pkgsrc/www/lighttpd: Makefile

    Log Message:
    Belatedly bump revision for CVE-2008-1531 fix.


(tron)
diff -r1.20 -r1.20.2.1 pkgsrc/www/lighttpd/Makefile
diff -r1.13 -r1.13.2.1 pkgsrc/www/lighttpd/distinfo
diff -r0 -r1.8.2.1 pkgsrc/www/lighttpd/patches/patch-aa
diff -r0 -r1.4.2.1 pkgsrc/www/lighttpd/patches/patch-ac

cvs diff -r1.20 -r1.20.2.1 pkgsrc/www/lighttpd/Makefile (expand / switch to unified diff)

--- pkgsrc/www/lighttpd/Makefile 2008/03/15 10:53:50 1.20
+++ pkgsrc/www/lighttpd/Makefile 2008/05/21 13:01:02 1.20.2.1
@@ -1,16 +1,17 @@ @@ -1,16 +1,17 @@
1# $NetBSD: Makefile,v 1.20 2008/03/15 10:53:50 joerg Exp $ 1# $NetBSD: Makefile,v 1.20.2.1 2008/05/21 13:01:02 tron Exp $
2 2
3DISTNAME= lighttpd-1.4.19 3DISTNAME= lighttpd-1.4.19
 4PKGREVISION= 1
4CATEGORIES= www 5CATEGORIES= www
5MASTER_SITES= http://www.lighttpd.net/download/ 6MASTER_SITES= http://www.lighttpd.net/download/
6 7
7MAINTAINER= joerg@NetBSD.org 8MAINTAINER= joerg@NetBSD.org
8HOMEPAGE= http://www.lighttpd.net/ 9HOMEPAGE= http://www.lighttpd.net/
9COMMENT= Fast, light-footprint HTTP server 10COMMENT= Fast, light-footprint HTTP server
10 11
11PKG_DESTDIR_SUPPORT= user-destdir 12PKG_DESTDIR_SUPPORT= user-destdir
12 13
13USE_LIBTOOL= yes 14USE_LIBTOOL= yes
14SHLIBTOOL_OVERRIDE= # empty 15SHLIBTOOL_OVERRIDE= # empty
15 16
16GNU_CONFIGURE= yes 17GNU_CONFIGURE= yes

cvs diff -r1.13 -r1.13.2.1 pkgsrc/www/lighttpd/distinfo (expand / switch to unified diff)

--- pkgsrc/www/lighttpd/distinfo 2008/03/15 10:53:50 1.13
+++ pkgsrc/www/lighttpd/distinfo 2008/05/21 13:01:02 1.13.2.1
@@ -1,6 +1,8 @@ @@ -1,6 +1,8 @@
1$NetBSD: distinfo,v 1.13 2008/03/15 10:53:50 joerg Exp $ 1$NetBSD: distinfo,v 1.13.2.1 2008/05/21 13:01:02 tron Exp $
2 2
3SHA1 (lighttpd-1.4.19.tar.gz) = 79e2d61dd9017c3c50c0fe98b2289cae5c1255ee 3SHA1 (lighttpd-1.4.19.tar.gz) = 79e2d61dd9017c3c50c0fe98b2289cae5c1255ee
4RMD160 (lighttpd-1.4.19.tar.gz) = 7dbe2a22051e18f4037b48ee4811e2c9738d20cf 4RMD160 (lighttpd-1.4.19.tar.gz) = 7dbe2a22051e18f4037b48ee4811e2c9738d20cf
5Size (lighttpd-1.4.19.tar.gz) = 815568 bytes 5Size (lighttpd-1.4.19.tar.gz) = 815568 bytes
 6SHA1 (patch-aa) = 4e3a6bf761bc0e0b8b2ff75fbec739d2cad145ab
6SHA1 (patch-ab) = b02003db1b2ac978846eb0f7be178b91f59fc176 7SHA1 (patch-ab) = b02003db1b2ac978846eb0f7be178b91f59fc176
 8SHA1 (patch-ac) = eca334f430362b2095727e28b9cc15f757fd440d

File Added: pkgsrc/www/lighttpd/patches/Attic/patch-aa
$NetBSD: patch-aa,v 1.8.2.1 2008/05/21 13:01:02 tron Exp $

From SVN: Fix potential DOS by clearing SSL error queue.

--- src/connections.c.orig	2008-04-25 18:28:26.000000000 +0200
+++ src/connections.c
@@ -199,6 +199,7 @@ static int connection_handle_read_ssl(se
 
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
 			b = buffer_init();
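Review bot: ERR_clear_error() is placed once before the `do` loop rather than directly before the SSL_read() inside it, so any entry that the loop's own error handling leaves queued after one iteration (that code is outside the hunk) would be attributed to the next iteration's SSL_get_error(); making `ERR_clear_error();` the first statement inside `do {` removes that dependency at no cost. The added call also carries no rationale, and a later cleanup could remove it as redundant; suggest `/* SSL_get_error() consults the thread's OpenSSL error queue: a stale entry from an earlier call turns a benign SSL_ERROR_WANT_* into a fatal error (CVE-2008-1531) */`. connection_handle_read_ssl() starts and ends outside the hunk.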
@@ -1668,19 +1669,47 @@ int connection_state_machine(server *srv
 			}
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
 					/* ok */
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					ERR_clear_error();
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
+
+					// fall through
 				default:
-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-							SSL_get_error(con->ssl, ret),
-							ERR_error_string(ERR_get_error(), NULL));
-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while ((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+								  ssl_r, r, errno,
+								  strerror(errno));    
+						}
+						break;
+
+					default:
+						while ((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+						break;
+					}
 				}
 			}
 #endif
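Review bot: In the SSL_ERROR_SYSCALL branch the `else` log call passes `r` while every other message in the same switch passes `ret`; `r` is not declared anywhere in the hunk, so it is either a compile error or, if connection_state_machine() declares an `r` further up (the function head is outside the hunk), an unrelated earlier return value logged as the SSL_shutdown() result — the line should read `ssl_r, ret, errno,`. errno is only read after SSL_get_error() and ERR_get_error() have run; neither is documented to modify it, but capturing it immediately after the SSL_shutdown() call (`int saved_errno = errno;`) would keep the log accurate regardless. Minor: `// fall through` is the only C++-style comment in the hunk, and `/* fall through */` matches the surrounding style; the trailing whitespace after `strerror(errno));` should go too.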

File Added: pkgsrc/www/lighttpd/patches/Attic/patch-ac
$NetBSD: patch-ac,v 1.4.2.1 2008/05/21 13:01:02 tron Exp $

From SVN: Fix potential DOS by clearing SSL error queue.

--- src/network_openssl.c.orig	2008-04-25 18:29:42.000000000 +0200
+++ src/network_openssl.c
@@ -85,6 +85,7 @@ int network_write_chunkqueue_openssl(ser
 			 *
 			 */
 
+			ERR_clear_error();
 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 				unsigned long err;
 
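Review bot: The ERR_clear_error() sits immediately before SSL_write(), which is the right spot if the error branch that follows (outside the hunk) calls SSL_get_error() or drains ERR_get_error(), but nothing in the code says why a bare queue clear precedes the call, and the identical line is repeated at the second write site later in the same function. A one-line comment at this first site, `/* drain stale OpenSSL errors so SSL_get_error() reports only this SSL_write() */`, would keep a later cleanup from removing what is a security fix. network_write_chunkqueue_openssl() starts and ends outside the hunk.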
@@ -187,6 +188,7 @@ int network_write_chunkqueue_openssl(ser
 
 				close(ifd);
 
+				ERR_clear_error();
 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 					unsigned long err;