Date: Thu, 17 Feb 2000 11:25:31 +0600 (NS) From: Max Khon <fjoe@iclub.nsu.ru> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/16772: buffer underflow in microsoft-supplied patch for apache+fp Message-ID: <200002170525.LAA01395@iclub.nsu.ru>
next in thread | raw e-mail | index | archive | help
>Number: 16772 >Category: ports >Synopsis: buffer underflow in microsoft-supplied patch for apache+fp >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Feb 16 21:30:02 PST 2000 >Closed-Date: >Last-Modified: >Originator: Max Khon >Release: FreeBSD 3.4-STABLE i386 >Organization: PLESK, Inc. >Environment: apache13-fp port, FreeBSD version is irrelevant >Description: patch for http_request.c (supplied by Microsoft) has one horrible bug which I found when tried to make fpcount.exe to work under Solaris. It worked before under FreeBSD (BSDI, Linux) only because r->execfilename is allocated in memory right before r->filename. >How-To-Repeat: just look at the code. currently it works under FreeBSD. >Fix: new patch-fi for /usr/ports/www/apache13-fp/ ===== cut here ===== --- http_request.c.orig Tue Feb 15 18:23:33 2000 +++ http_request.c Tue Feb 15 18:26:04 2000 @@ -175,7 +175,7 @@ { char *cp; char *path = r->filename; - char *end = &path[strlen(path)]; + char *end; char *last_cp = NULL; int rv; #ifdef HAVE_DRIVE_LETTERS @@ -187,6 +187,9 @@ return OK; } + if (r->execfilename) path = r->execfilename; + end = path + strlen(path); + #ifdef HAVE_DRIVE_LETTERS /* If the directory is x:\, then we don't want to strip * the trailing slash since x: is not a valid directory. @@ -511,6 +514,7 @@ res = ap_parse_htaccess(&htaccess_conf, r, overrides_here, ap_pstrdup(r->pool, test_dirname), sconf->access_name); + if (r->execfilename) r->filename = r->execfilename; if (res) return res; @@ -521,6 +525,7 @@ r->per_dir_config = per_dir_defaults; } } + if (r->execfilename) r->filename = r->execfilename; } /* ===== cut here ===== >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002170525.LAA01395>