Date: Thu, 5 Oct 2006 21:41:41 +0300 (EEST) From: Sergey Smitienko <hunter@postbox.kiev.ua> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/104027: [patch] mod_rewrite buffer overflow fix for russian apache Message-ID: <200610051841.k95IffWn065798@knight.ura.org.ua> Resent-Message-ID: <200610051850.k95IoL6G089460@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 104027
>Category: ports
>Synopsis: [patch] mod_rewrite buffer overflow fix for russian apache
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 05 18:50:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Sergey Smitienko
>Release: FreeBSD 6.0-RELEASE-p6 i386
>Organization:
URA Internet
>Environment:
System: FreeBSD knight.ura.org.ua 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #3: Thu Jun 8 18:40:25 EEST 2006 root@knight.ura.org.ua:/usr/obj/usr/src/sys/KNIGHT i386
>Description:
russian apache is a little bit behind of normal apache 1.3 and there is no offitial "russian" patch
for latest apache 1.3 versions. So, there is no offitial version of russian apache with mod_rewrite
buffer overflow fixed.
>How-To-Repeat:
install russian apache
>Fix:
I believe community can continue using the older russian apache with the following patch installed.
--- patch-bc begins here ---
--- src/modules/standard/mod_rewrite.c.orig Tue Sep 12 14:01:04 2006
+++ src/modules/standard/mod_rewrite.c Wed Nov 24 21:10:19 2004
@@ -2735,7 +2735,7 @@
int c = 0;
token[0] = cp = ap_pstrdup(p, cp);
- while (*cp && c < 5) {
+ while (*cp && c < 4) {
if (*cp == '?') {
token[++c] = cp + 1;
*cp = '\0';
--- patch-bc ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610051841.k95IffWn065798>