diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2006-07-28 13:52:31 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2006-07-28 13:52:31 +0000 |
| commit | a6e45580e5064dbf7052e005cc303682fbac153f (patch) | |
| tree | 92e53df305a9742c05d51bf3f92a730ccfc3d10a /usr.sbin/httpd | |
| parent | 242f5dbf436cd952fe9b90df747a7d29f3dc6322 (diff) | |
A vulnerability has been reported in Apache HTTP Server, which potentially can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by a off-by-one error in mod_rewrite and can be
exploited to cause a one-byte buffer overflow.
http://secunia.com/advisories/21197/
report "Alexey E. Suslikov" <cruel@texnika.com.ua>, the obvious fix
mailed in by Stuart Henderson <stu@spacehopper.org>
Diffstat (limited to 'usr.sbin/httpd')
| -rw-r--r-- | usr.sbin/httpd/src/modules/standard/mod_rewrite.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c index a6d90834c4b..a7cdffea2ce 100644 --- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c +++ b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mod_rewrite.c,v 1.24 2005/02/09 12:13:10 henning Exp $ */ +/* $OpenBSD: mod_rewrite.c,v 1.25 2006/07/28 13:52:30 henning Exp $ */ /* ==================================================================== * The Apache Software License, Version 1.1 @@ -2762,7 +2762,7 @@ static char *escape_absolute_uri(ap_pool *p, char *uri, unsigned scheme) int c = 0; token[0] = cp = ap_pstrdup(p, cp); - while (*cp && c < 5) { + while (*cp && c < 4) { if (*cp == '?') { token[++c] = cp + 1; *cp = '\0'; |