You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@hyperreal.org on 1998/05/05 04:57:34 UTC

cvs commit: apache-1.3/src/modules/proxy proxy_util.c

jim         98/05/04 19:57:34

  Modified:    .        STATUS
               src      CHANGES
               src/modules/proxy proxy_util.c
  Log:
  Submitted by:	Jim Jagielski
  Reviewed by:	Brian Behlendorf
  Fix off-by-one error in ap_proxy_date_canon() when we check to see
  if 'x' is at least 30-chars wide.
  
  Revision  Changes    Path
  1.371     +3 -7      apache-1.3/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/STATUS,v
  retrieving revision 1.370
  retrieving revision 1.371
  diff -u -r1.370 -r1.371
  --- STATUS	1998/05/05 02:41:03	1.370
  +++ STATUS	1998/05/05 02:57:30	1.371
  @@ -11,13 +11,9 @@
   
   FINAL RELEASE SHOWSTOPPERS:
   
  -    * proxy security fixes from 1.2.5 need to be brought forward,
  -      specifically:
  -        -  if (strlen(x) < 30) {
  -        +  if (strlen(x)+1 < 30) {
  -	       x = ap_palloc(p, 30);
  -	   }
  -      in proxy_util.c.
  +    * proxy security fixes from 1.2.5 need to be brought forward.
  +      Note: off-by-one error in ap_proxy_date_canon() in
  +            proxy_util.c was fixed.
   
       * Someone other than Dean has to do a security/correctness review on
         psprintf(), bprintf(), and ap_snprintf().  In particular these routines
  
  
  
  1.817     +3 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.816
  retrieving revision 1.817
  diff -u -r1.816 -r1.817
  --- CHANGES	1998/05/04 16:28:45	1.816
  +++ CHANGES	1998/05/05 02:57:32	1.817
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b7
   
  +  *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
  +     when ensuring 'x' is at least 30-chars big.
  +
     *) Fix debug log messages for BS2000/OSD: instead of logging the whole
        absolute path, only log base name of logging source as is done
        in unix. [Martin Kraemer]
  
  
  
  1.60      +1 -1      apache-1.3/src/modules/proxy/proxy_util.c
  
  Index: proxy_util.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
  retrieving revision 1.59
  retrieving revision 1.60
  diff -u -r1.59 -r1.60
  --- proxy_util.c	1998/04/11 12:00:40	1.59
  +++ proxy_util.c	1998/05/05 02:57:34	1.60
  @@ -353,7 +353,7 @@
       if (mon == 12)
   	return x;
   
  -    if (strlen(x) < 30)
  +    if (strlen(x)+1 < 30)
   	x = ap_palloc(p, 30);
       ap_snprintf(x, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", ap_day_snames[wk], mday,
   		ap_month_snames[mon], year, hour, min, sec);