From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Oct 5 18:50:27 2006 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4956416A40F for ; Thu, 5 Oct 2006 18:50:27 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29AD443D5F for ; Thu, 5 Oct 2006 18:50:22 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k95IoLC5089461 for ; Thu, 5 Oct 2006 18:50:21 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k95IoL6G089460; Thu, 5 Oct 2006 18:50:21 GMT (envelope-from gnats) Resent-Date: Thu, 5 Oct 2006 18:50:21 GMT Resent-Message-Id: <200610051850.k95IoL6G089460@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Sergey Smitienko Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA56016A407 for ; Thu, 5 Oct 2006 18:41:50 +0000 (UTC) (envelope-from hunter@knight.ura.org.ua) Received: from knight.ura.org.ua (knight.ura.org.ua [195.128.16.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BA8C43D49 for ; Thu, 5 Oct 2006 18:41:48 +0000 (GMT) (envelope-from hunter@knight.ura.org.ua) Received: from knight.ura.org.ua (localhost.ura.org.ua [127.0.0.1]) by knight.ura.org.ua (8.13.4/8.13.4) with ESMTP id k95Ifkl6065799 for ; Thu, 5 Oct 2006 21:41:47 +0300 (EEST) (envelope-from hunter@knight.ura.org.ua) Received: (from hunter@localhost) by knight.ura.org.ua (8.13.4/8.13.4/Submit) id k95IffWn065798; Thu, 5 Oct 2006 21:41:41 +0300 (EEST) (envelope-from hunter) Message-Id: <200610051841.k95IffWn065798@knight.ura.org.ua> Date: Thu, 5 Oct 2006 21:41:41 +0300 (EEST) From: Sergey Smitienko To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/104027: [patch] mod_rewrite buffer overflow fix for russian apache X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Sergey Smitienko List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Oct 2006 18:50:27 -0000 >Number: 104027 >Category: ports >Synopsis: [patch] mod_rewrite buffer overflow fix for russian apache >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Oct 05 18:50:16 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Sergey Smitienko >Release: FreeBSD 6.0-RELEASE-p6 i386 >Organization: URA Internet >Environment: System: FreeBSD knight.ura.org.ua 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #3: Thu Jun 8 18:40:25 EEST 2006 root@knight.ura.org.ua:/usr/obj/usr/src/sys/KNIGHT i386 >Description: russian apache is a little bit behind of normal apache 1.3 and there is no offitial "russian" patch for latest apache 1.3 versions. So, there is no offitial version of russian apache with mod_rewrite buffer overflow fixed. >How-To-Repeat: install russian apache >Fix: I believe community can continue using the older russian apache with the following patch installed. --- patch-bc begins here --- --- src/modules/standard/mod_rewrite.c.orig Tue Sep 12 14:01:04 2006 +++ src/modules/standard/mod_rewrite.c Wed Nov 24 21:10:19 2004 @@ -2735,7 +2735,7 @@ int c = 0; token[0] = cp = ap_pstrdup(p, cp); - while (*cp && c < 5) { + while (*cp && c < 4) { if (*cp == '?') { token[++c] = cp + 1; *cp = '\0'; --- patch-bc ends here --- >Release-Note: >Audit-Trail: >Unformatted: