Mercurial > hg > orthanc

changeset 6325:a80c704e8594

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
include patch for CVE-2025-55763 in civetweb
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 23 Sep 2025 16:10:50 +0200
parents e937476ccfff
children c648a54cf67c
files NEWS OrthancFramework/Resources/Patches/civetweb-1.16.patch OrthancServer/UnitTestsSources/VersionsTests.cpp
diffstat 3 files changed, 36 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/NEWS	Tue Sep 23 15:50:33 2025 +0200
+++ b/NEWS	Tue Sep 23 16:10:50 2025 +0200
@@ -40,7 +40,7 @@
        visualization in e.g. the Stone Web viewer and OHIF.
 * Fix issue 252: Disallow colons in HTTP basic usernames
 * Upgraded dependencies for static builds:
-  - civetweb 1.16
+  - civetweb 1.16, including patch for CVE-2025-55763
 
 
 Version 1.12.9 (2025-08-11)
--- a/OrthancFramework/Resources/Patches/civetweb-1.16.patch	Tue Sep 23 15:50:33 2025 +0200
+++ b/OrthancFramework/Resources/Patches/civetweb-1.16.patch	Tue Sep 23 16:10:50 2025 +0200
@@ -1,6 +1,6 @@
 diff -urEb civetweb-1.16.orig/src/civetweb.c civetweb-1.16/src/civetweb.c
 --- civetweb-1.16.orig/src/civetweb.c	2025-09-23 15:37:44.946300709 +0200
-+++ civetweb-1.16/src/civetweb.c	2025-09-23 15:38:18.426080130 +0200
++++ civetweb-1.16/src/civetweb.c	2025-09-23 16:05:20.877342193 +0200
 @@ -573,7 +573,7 @@
  #if (_MSC_VER < 1300)
  #define STRX(x) #x
@@ -33,3 +33,36 @@
  
  
  #else /* USE_SERVER_STATS */
+@@ -15255,12 +15255,28 @@
+ 			mg_send_http_error(conn, 500, "out or memory");
+ 		} else {
+ 			mg_get_request_link(conn, new_path, buflen - 1);
+-			strcat(new_path, "/");
++
++                        /* Start of patch for CVE-2025-55763: https://github.com/civetweb/civetweb/pull/1347 */
++                        size_t len = strlen(new_path);
++                        if (len + 1 < buflen) {
++                          new_path[len] = '/';
++                          new_path[len + 1] = '\0';
++                          len++;
++                        }
++
+ 			if (ri->query_string) {
+-				/* Append ? and query string */
+-				strcat(new_path, "?");
+-				strcat(new_path, ri->query_string);
++                          if (len + 1 < buflen) {
++                            new_path[len] = '?';
++                            new_path[len + 1] = '\0';
++                            len++;
+ 			}
++
++                          /* Append with size of space left for query string + null terminator */
++                          size_t max_append = buflen - len - 1;
++                          strncat(new_path, ri->query_string, max_append);
++                        }
++                        /* End of patch */
++
+ 			mg_send_http_redirect(conn, new_path, 301);
+ 			mg_free(new_path);
+ 		}
--- a/OrthancServer/UnitTestsSources/VersionsTests.cpp	Tue Sep 23 15:50:33 2025 +0200
+++ b/OrthancServer/UnitTestsSources/VersionsTests.cpp	Tue Sep 23 16:10:50 2025 +0200
@@ -195,7 +195,7 @@
 TEST(Versions, Civetweb)
 {
   ASSERT_EQ(1, CIVETWEB_VERSION_MAJOR);
-  ASSERT_EQ(14, CIVETWEB_VERSION_MINOR);
+  ASSERT_EQ(16, CIVETWEB_VERSION_MINOR);
   ASSERT_EQ(0, CIVETWEB_VERSION_PATCH);
 }
 #endif