ports/104027: [patch] mod_rewrite buffer overflow fix for russian apache
Sergey Smitienko
hunter at postbox.kiev.ua
Thu Oct 5 18:50:27 UTC 2006
>Number: 104027
>Category: ports
>Synopsis: [patch] mod_rewrite buffer overflow fix for russian apache
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 05 18:50:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Sergey Smitienko
>Release: FreeBSD 6.0-RELEASE-p6 i386
>Organization:
URA Internet
>Environment:
System: FreeBSD knight.ura.org.ua 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #3: Thu Jun 8 18:40:25 EEST 2006 root at knight.ura.org.ua:/usr/obj/usr/src/sys/KNIGHT i386
>Description:
russian apache is a little bit behind of normal apache 1.3 and there is no offitial "russian" patch
for latest apache 1.3 versions. So, there is no offitial version of russian apache with mod_rewrite
buffer overflow fixed.
>How-To-Repeat:
install russian apache
>Fix:
I believe community can continue using the older russian apache with the following patch installed.
--- patch-bc begins here ---
--- src/modules/standard/mod_rewrite.c.orig Tue Sep 12 14:01:04 2006
+++ src/modules/standard/mod_rewrite.c Wed Nov 24 21:10:19 2004
@@ -2735,7 +2735,7 @@
int c = 0;
token[0] = cp = ap_pstrdup(p, cp);
- while (*cp && c < 5) {
+ while (*cp && c < 4) {
if (*cp == '?') {
token[++c] = cp + 1;
*cp = '\0';
--- patch-bc ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list