Date:      Thu, 17 Feb 2000 11:25:31 +0600 (NS)
From:      Max Khon <fjoe@iclub.nsu.ru>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/16772: buffer underflow in microsoft-supplied patch for apache+fp
Message-ID:  <200002170525.LAA01395@iclub.nsu.ru>

>Number:         16772
>Category:       ports
>Synopsis:       buffer underflow in microsoft-supplied patch for apache+fp
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 16 21:30:02 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Max Khon
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
PLESK, Inc.
>Environment:

apache13-fp port, FreeBSD version is irrelevant

>Description:

The patch for http_request.c (supplied by Microsoft) has one horrible bug,
which I found when I tried to make fpcount.exe work under Solaris.
It worked before under FreeBSD (BSDI, Linux) only because r->execfilename
is allocated in memory right before r->filename.

>How-To-Repeat:

Just look at the code. Currently it works under FreeBSD.

>Fix:
	
new patch-fi for /usr/ports/www/apache13-fp/

===== cut here =====
--- http_request.c.orig	Tue Feb 15 18:23:33 2000
+++ http_request.c	Tue Feb 15 18:26:04 2000
@@ -175,7 +175,7 @@
 {
     char *cp;
     char *path = r->filename;
-    char *end = &path[strlen(path)];
+    char *end;
     char *last_cp = NULL;
     int rv;
 #ifdef HAVE_DRIVE_LETTERS
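Review bot: `char *end;` is now declared without an initializer and only receives a value at the `end = path + strlen(path);` line added in the next hunk, which comes after an early `return OK;`. Any statement between the declaration and that assignment that reads `end` would read an indeterminate pointer. Initialize it at the declaration (`char *end = NULL;`), as `last_cp` is on the following line, so a premature use fails visibly.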
@@ -187,6 +187,9 @@
 	return OK;
     }
 
+    if (r->execfilename) path = r->execfilename;
+    end = path + strlen(path);
+
 #ifdef HAVE_DRIVE_LETTERS
     /* If the directory is x:\, then we don't want to strip
      * the trailing slash since x: is not a valid directory.
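Review bot: the added `if (r->execfilename) path = r->execfilename;` carries no comment saying why `execfilename` replaces `r->filename` as the string being examined, and that is the core of the fix: `path` and `end` have to point into the same buffer, otherwise comparisons or scans between the two pointers are not confined to one string. A short comment stating that invariant above the two added lines would keep a later edit from separating them again. The one-line `if` also differs from the braced form used by the block that ends just above it.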
@@ -511,6 +514,7 @@
             res = ap_parse_htaccess(&htaccess_conf, r, overrides_here,
                                  ap_pstrdup(r->pool, test_dirname),
                                  sconf->access_name);
+            if (r->execfilename) r->filename = r->execfilename;
             if (res)
                 return res;
 
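Review bot: the added `if (r->execfilename) r->filename = r->execfilename;` sits before `if (res)`, so `r->filename` is overwritten even on the path that immediately returns the error from `ap_parse_htaccess`. If the assignment is meant to cover the error return as well, a comment should say so; if not, move it below the `if (res) return res;` check. The same statement is added again in the next hunk, and nothing in the patch says why both are needed.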
@@ -521,6 +525,7 @@
 		r->per_dir_config = per_dir_defaults;
 	    }
         }
+	if (r->execfilename) r->filename = r->execfilename;
     }
 
     /*
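Review bot: the added `r->filename = r->execfilename;` makes both fields point at the same string and discards whatever `r->filename` held before, so an in-place change made later through one field also changes the other. If the two are meant to stay independent, copy instead, for example `r->filename = ap_pstrdup(r->pool, r->execfilename);`, using the pool call already visible in the previous hunk. The line is tab-indented while the identical statement in the previous hunk uses spaces.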
===== cut here =====

>Release-Note:
>Audit-Trail:
>Unformatted:

