You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/15 09:42:13 UTC

svn commit: r604403 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/ssl/ssl_expr_eval.c

Author: rpluem
Date: Sat Dec 15 00:42:11 2007
New Revision: 604403

URL: http://svn.apache.org/viewvc?rev=604403&view=rev
Log:
* Correctly terminate string in SSL client certificate extensions
  parsing by ensuring that it always has a \0 at the end.

PR: PR 44073
Submitted by: yl <yl bee-ware.net>
Reviewed by: rpluem, jorton, trawick

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_expr_eval.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=604403&r1=604402&r2=604403&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Dec 15 00:42:11 2007
@@ -9,6 +9,9 @@
      This has no security impact since the browser cannot be tricked
      into sending arbitrary method strings.  [Jeff Trawick]
 
+  *) mod_ssl: Fix SSL client certificate extensions parsing bug. PR 44073.
+     [yl <yl bee-ware.net>]
+
   *) mod_proxy_ajp: Use 64K as maximum AJP packet size. This is the maximum
      length we can squeeze inside the AJP message packet.
      [Mladen Turk]

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=604403&r1=604402&r2=604403&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Dec 15 00:42:11 2007
@@ -79,18 +79,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_ssl: Correctly terminate string in SSL client certificate extensions
-     parsing by ensuring that it always has a \0 at the end.
-     PR: 44073
-     Trunk version of patch:
-        Trunk changed in http://svn.apache.org/viewvc?view=rev&revision=289444
-        in a way that IMHO is not backportable (due to the changes done in
-        mod_ssl.h).
-     Backport version for 2.2.x of patch:
-        http://people.apache.org/~rpluem/patches/foreign_patches/44073_2.2.x.diff
-     +1: rpluem, jorton, trawick
-     jorton: s/pstrndup/pstrmemdup/ would be better but it works either way
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_expr_eval.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_expr_eval.c?rev=604403&r1=604402&r2=604403&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_expr_eval.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_expr_eval.c Sat Dec 15 00:42:11 2007
@@ -239,7 +239,7 @@
 
                 BIO_get_mem_ptr(bio, &buf);
 
-                *new = apr_pstrdup(r->pool, buf->data);
+                *new = apr_pstrmemdup(r->pool, buf->data, buf->length);
             }
 
             BIO_vfree(bio);