From owner-freebsd-ports Wed Feb 16 21:30: 5 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from builder.freebsd.org (builder.FreeBSD.ORG [204.216.27.24]) by hub.freebsd.org (Postfix) with ESMTP id 0B38537B607 for ; Wed, 16 Feb 2000 21:30:03 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by builder.freebsd.org (Postfix) with ESMTP id F29AD132EF for ; Wed, 16 Feb 2000 21:29:22 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id VAA29957; Wed, 16 Feb 2000 21:30:02 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: from builder.freebsd.org (builder.FreeBSD.ORG [204.216.27.24]) by hub.freebsd.org (Postfix) with ESMTP id EB44337B607 for ; Wed, 16 Feb 2000 21:27:36 -0800 (PST) (envelope-from fjoe@iclub.nsu.ru)
Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by builder.freebsd.org (Postfix) with ESMTP id 7FDBB132E1 for ; Wed, 16 Feb 2000 21:24:55 -0800 (PST)
Received: (from fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) id LAA01395; Thu, 17 Feb 2000 11:25:31 +0600 (NS) (envelope-from fjoe)
Message-Id: <200002170525.LAA01395@iclub.nsu.ru>
Date: Thu, 17 Feb 2000 11:25:31 +0600 (NS)
From: Max Khon
Reply-To: fjoe@iclub.nsu.ru
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/16772: buffer underflow in microsoft-supplied patch for apache+fp
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 16772
>Category: ports
>Synopsis: buffer underflow in microsoft-supplied patch for apache+fp
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 16 21:30:02 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Max Khon
>Release: FreeBSD 3.4-STABLE i386
>Organization: PLESK, Inc.
>Environment: apache13-fp port, FreeBSD version is irrelevant
>Description: The patch for http_request.c (supplied by Microsoft) has one horrible bug, which I found when I tried to make fpcount.exe work under Solaris. It worked before under FreeBSD (BSDI, Linux) only because r->execfilename is allocated in memory right before r->filename.
>How-To-Repeat: Just look at the code. Currently it works under FreeBSD.
>Fix: new patch-fi for /usr/ports/www/apache13-fp/
===== cut here =====
--- http_request.c.orig Tue Feb 15 18:23:33 2000 +++ http_request.c Tue Feb 15 18:26:04 2000 @@ -175,7 +175,7 @@ { char *cp; char *path = r->filename; - char *end = &path[strlen(path)]; + char *end; char *last_cp = NULL; int rv; #ifdef HAVE_DRIVE_LETTERS @@ -187,6 +187,9 @@ return OK; } + if (r->execfilename) path = r->execfilename; + end = path + strlen(path); + #ifdef HAVE_DRIVE_LETTERS /* If the directory is x:\, then we don't want to strip * the trailing slash since x: is not a valid directory. @@ -511,6 +514,7 @@ res = ap_parse_htaccess(&htaccess_conf, r, overrides_here, ap_pstrdup(r->pool, test_dirname), sconf->access_name); + if (r->execfilename) r->filename = r->execfilename; if (res) return res; 
@@ -521,6 +525,7 @@ r->per_dir_config = per_dir_defaults; } } + if (r->execfilename) r->filename = r->execfilename; } /*
===== cut here =====
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
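
Review bot: `char *end;` in the @@ -175,7 +175,7 @@ hunk is now declared without an initializer, and its value only arrives in the next hunk, after the block that ends in `return OK;`. Initialize it to NULL at the declaration, or add a comment that nothing above the new `end = path + strlen(path);` line may read it, so a later edit to the intervening code cannot pick up an indeterminate pointer.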
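
Review bot: in the @@ -187,6 +187,9 @@ hunk the override `if (r->execfilename) path = r->execfilename;` is placed after the early-exit block ending in `return OK;`, so any use of `path` in that block still sees `r->filename` from the declaration. If the early exit should be decided on the exec path, move the override above it; if not, say so in a comment. The added lines also carry no comment on what `execfilename` holds or why it takes precedence, and the condition and assignment share one line where the surrounding code puts the body on its own line.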
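
Review bot: the line added in the @@ -511,6 +514,7 @@ hunk sits between the `ap_parse_htaccess(...)` call and `if (res) return res;`, so `r->filename` is overwritten with `r->execfilename` on the error path as well, and the visible lines do not keep the previous pointer anywhere. If the overwrite is only wanted on success, move it below the `res` check; either way add a comment stating why the request's filename must be replaced at this point, since every later reader of `r->filename` is affected.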
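
Review bot: the statement added after the closing braces in the @@ -521,6 +525,7 @@ hunk is a verbatim copy of the one added in the previous hunk. Document which exit path each copy covers, or fold them into one small static helper with a comment, so the two assignments cannot drift apart when one is changed later.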