[interchange-cvs] interchange - kwalsh modified lib/Vend/Server.pm

interchange-cvs at icdevgroup.org
Tue Jun 6 14:05:23 EDT 2006


User:      kwalsh
Date:      2006-06-06 18:05:23 GMT
Modified:  lib/Vend Tag: STABLE_5_4-branch Server.pm
Log:
    * Patch for a DoS exploit, pointed out by Donald Alexander.  Thanks
      Donald.

      A carefully crafted HTTP POST request could cause an Interchange
      page processor to hang until it's killed by Interchange's periodic
      housekeeping routine.

      If several of these requests are received in quick succession
      then it could be possible to disable all of the page processors,
      rendering Interchange unresponsive for a while.

Revision  Changes    Path
2.66.2.1  +9 -5      interchange/lib/Vend/Server.pm


rev 2.66.2.1, prev_rev 2.66
Index: Server.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Server.pm,v
retrieving revision 2.66
retrieving revision 2.66.2.1
diff -u -r2.66 -r2.66.2.1
--- Server.pm	8 Nov 2005 18:14:45 -0000	2.66
+++ Server.pm	6 Jun 2006 18:05:23 -0000	2.66.2.1
@@ -1,6 +1,6 @@
 # Vend::Server - Listen for Interchange CGI requests as a background server
 #
-# $Id: Server.pm,v 2.66 2005/11/08 18:14:45 jon Exp $
+# $Id: Server.pm,v 2.66.2.1 2006/06/06 18:05:23 kwalsh Exp $
 #
 # Copyright (C) 2002-2005 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -26,7 +26,7 @@
 package Vend::Server;
 
 use vars qw($VERSION);
-$VERSION = substr(q$Revision: 2.66 $, 10);
+$VERSION = substr(q$Revision: 2.66.2.1 $, 10);
 
 use POSIX qw(setsid strftime);
 use Vend::Util;
@@ -640,10 +640,14 @@
 sub _read {
     my ($in, $fh) = @_;
 	$fh = \*MESSAGE if ! $fh;
-    my ($r);
-    
+    my ($r,$rin);
+
+    vec($rin,fileno($fh),1) = 1;
+
     do {
-        $r = sysread($fh, $$in, 512, length($$in));
+	if (($r = select($rin, undef, undef, 1)) > 0) {
+	    $r = sysread($fh, $$in, 512, length($$in));
+	}
     } while (!defined $r and $!{eintr});
     die "read: $!" unless defined $r;
     die "read: closed" unless $r > 0;
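Review bot: the new select() guard turns a timeout into the wrong error: on timeout select returns 0, so $r is 0, the do/while exits and the line `die "read: closed" unless $r > 0;` reports a stalled client as a closed connection, which will confuse anyone reading the error log while diagnosing this DoS. A failed select (negative return, e.g. on EINTR) is also a defined value, so the existing retry condition `!defined $r and $!{eintr}` never fires for the select call and the request dies with the same misleading message. Suggest handling the select result on its own: retry when it is negative and $!{EINTR} is set, die with a distinct "read: timeout" when it is 0, and only then fall through to sysread. Two further points on this hunk: the unchanged test `$!{eintr}` uses a lowercase key, but %! is keyed by the errno constant names (EINTR), so that retry appears never to match even for sysread; and the one-second timeout applies per select call rather than to the whole body read, so a client that keeps trickling bytes can still occupy a page processor, which a total deadline checked inside the loop would bound. Minor: the added lines are tab-indented while the surrounding block uses four spaces.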