[mongoose/el6: 15/17] Add backport patch to fix CVE-2011-2900 (729146)

[Florencia Fotorello]

commit c35d7f193fae5d4bdcb4ab6edc425b698dead9b9
Author: Rafael Aquini <aquini at redhat.com>
Date:   Wed Aug 31 10:44:58 2011 -0300

    Add backport patch to fix CVE-2011-2900 (729146)

 mongoose-fix-buffer-overflow-put_dir.patch |   44 ++++++++++++++++++++++++++++
 1 files changed, 44 insertions(+), 0 deletions(-)
---
diff --git a/mongoose-fix-buffer-overflow-put_dir.patch b/mongoose-fix-buffer-overflow-put_dir.patch
new file mode 100644
index 0000000..079f223
--- /dev/null
+++ b/mongoose-fix-buffer-overflow-put_dir.patch
@@ -0,0 +1,44 @@
+--- a/mongoose.c	2011-08-31 09:49:39.422425550 -0300
++++ b/mongoose.c	2011-08-31 10:00:43.070128846 -0300
+@@ -3394,24 +3394,32 @@ put_dir(const char *path)
+ 	char		buf[FILENAME_MAX];
+ 	const char	*s, *p;
+ 	struct mgstat	st;
+-	size_t		len;
++	int len, res = 1;
+ 
+-	for (s = p = path + 2; (p = strchr(s, '/')) != NULL; s = ++p) {
++	for (s = p = path + 2; (p = strchr(s, DIRSEP)) != NULL; s = ++p) {
+ 		len = p - path;
+-		assert(len < sizeof(buf));
+-		(void) memcpy(buf, path, len);
++		if (len >= (int) sizeof(buf)) {
++			res = -1;
++			break;
++		}
++		memcpy(buf, path, len);
+ 		buf[len] = '\0';
+ 
+ 		/* Try to create intermediate directory */
+-		if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0)
+-			return (-1);
++		DEBUG_TRACE(("mkdir(%s)", buf));
++		if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0) {
++			res = -1;
++			break;
++		}
+ 
+ 		/* Is path itself a directory ? */
+-		if (p[1] == '\0')
+-			return (0);
++		if (p[1] == '\0') {
++			res = 0;
++			break;
++		}
+ 	}
+ 
+-	return (1);
++	return res;
+ }
+ 
+ static void