Posted to cvs@httpd.apache.org by rj...@apache.org on 2012/10/03 18:13:16 UTC
svn commit: r1393578 - in /httpd/httpd/branches/2.0.x: ./ CHANGES STATUS server/util.c
Author: rjung
Date: Wed Oct 3 16:13:16 2012
New Revision: 1393578
URL: http://svn.apache.org/viewvc?rev=1393578&view=rev
Log:
Revert commit r1392042.
It was voted as backport of r1227280 from 2.2.x,
instead applied was r1198940 from trunk, which
breaks compilation (wrong return type, non-existing
APR macro). The 2.2 revision has these fixed.
Will apply the 2.2 revision next, since the vote
was actually for that one.
Modified:
httpd/httpd/branches/2.0.x/ (props changed)
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
httpd/httpd/branches/2.0.x/server/util.c
Propchange: httpd/httpd/branches/2.0.x/
------------------------------------------------------------------------------
Reverse-merged /httpd/httpd/trunk:r1198940,1227280
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=1393578&r1=1393577&r2=1393578&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Wed Oct 3 16:13:16 2012
@@ -11,10 +11,6 @@ Changes with Apache 2.0.65
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
- *) SECURITY: CVE-2011-3607 (cve.mitre.org)
- core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
- with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
-
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
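Review bot: The CVE-2011-3607 entry removed at the top of this hunk has to come back in the same commit that applies the 2.2.x revision, otherwise the fix lands on 2.0.x without a CHANGES record. When it is re-added, consider aligning its wording ("malicious .htaccess") with the STATUS description of the same issue so both files state the impact the same way.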
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1393578&r1=1393577&r2=1393578&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Wed Oct 3 16:13:16 2012
@@ -129,6 +129,13 @@ RELEASE SHOWSTOPPERS:
More eyes welcome.
jim: not a showstopper, imo
+ *) SECURITY: CVE-2011-3607 (cve.mitre.org)
+ Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
+ is enabled, could allow local users to gain privileges via a .htaccess
+ file. [Stefan Fritsch, Greg Ames]
+ From 2.2.x; http://svn.apache.org/viewvc?view=revision&revision=1227280
+ +1: gregames, wrowe, trawick
+
*) SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
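Review bot: The restored CVE-2011-3607 entry cites the 2.2.x revision 1227280 but does not mention r1198940, so a later backporter can pick the trunk revision again. Add a line to the entry stating that the trunk revision does not compile on 2.0.x and that the three +1 votes cover the 2.2.x revision only.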
Modified: httpd/httpd/branches/2.0.x/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/server/util.c?rev=1393578&r1=1393577&r2=1393578&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/server/util.c (original)
+++ httpd/httpd/branches/2.0.x/server/util.c Wed Oct 3 16:13:16 2012
@@ -410,8 +410,6 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t
len++;
}
else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
- if (APR_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so)
- return APR_ENOMEM;
len += pmatch[no].rm_eo - pmatch[no].rm_so;
}
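Review bot: With the two removed lines gone, `len += pmatch[no].rm_eo - pmatch[no].rm_so;` accumulates match lengths with no bound check again, so this branch is back to the pre-fix CVE-2011-3607 behaviour until the 2.2.x revision is applied; that follow-up should land before anything is tagged or rolled from 2.0.x. The removed check also shows the compile problems the log describes: `return APR_ENOMEM;` returns a status code from a function declared `AP_DECLARE(char *)`, and the comparison depends on `APR_SIZE_MAX`, presumably the macro the log says does not exist on this branch. The replacement should return a pointer value (NULL on overflow) and compare against a limit that is defined for 2.0.x.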