Rev bump for security bug #159941.

(Portage version: 2.1.1-r2)

2 files changed, 24 insertions, 0 deletions

diff --git a/www-servers/thttpd/files/digest-thttpd-2.25b-r6 b/www-servers/thttpd/files/digest-thttpd-2.25b-r6
new file mode 100644
index 000000000000..f7daceb58ecf
--- /dev/null
+++ b/www-servers/thttpd/files/digest-thttpd-2.25b-r6
@@ -0,0 +1,3 @@
+MD5 a0e9cd87455d3a0ea11e5ea7e947adf6 thttpd-2.25b.tar.gz 132363
+RMD160 15020e8d04d27b30c4da3104387a281e35d58025 thttpd-2.25b.tar.gz 132363
+SHA256 4ceaa30ef55702d5cfdffdccd3a2dee8d3090e852c18c7ce8d17d692ad0bf024 thttpd-2.25b.tar.gz 132363
diff --git a/www-servers/thttpd/files/thttpd-2.25/fix-buffer-overflow.diff b/www-servers/thttpd/files/thttpd-2.25/fix-buffer-overflow.diff
new file mode 100644
index 000000000000..cacd7321486a
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25/fix-buffer-overflow.diff
@@ -0,0 +1,21 @@
+diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c
+--- thttpd-2.25b.orig/libhttpd.c	2003-12-25 19:06:05.000000000 +0000
++++ thttpd-2.25b/libhttpd.c	2007-01-08 21:43:28.000000000 +0000
+@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest
+ 	    httpd_realloc_str( &checked, &maxchecked, checkedlen );
+ 	    (void) strcpy( checked, path );
+ 	    /* Trim trailing slashes. */
+-	    while ( checked[checkedlen - 1] == '/' )
++	    while ( checkedlen && checked[checkedlen - 1] == '/' )
+ 		{
+ 		checked[checkedlen - 1] = '\0';
+ 		--checkedlen;
+@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest
+     restlen = strlen( path );
+     httpd_realloc_str( &rest, &maxrest, restlen );
+     (void) strcpy( rest, path );
+-    if ( rest[restlen - 1] == '/' )
++    if ( restlen && rest[restlen - 1] == '/' )
+ 	rest[--restlen] = '\0';         /* trim trailing slash */
+     if ( ! tildemapped )
+ 	/* Remove any leading slashes. */