author | Jasper Lievisse Adriaanse <jasper@cvs.openbsd.org> | 2010-02-03 17:42:31 +0000 |
---|---|---|
committer | Jasper Lievisse Adriaanse <jasper@cvs.openbsd.org> | 2010-02-03 17:42:31 +0000 |
commit | 0d2ff4837950fc1d362f1dad3407105b8a004748 (patch) | |
tree | ee95e25190ecf1321b96adf0f9e281f14ee5584a /usr.sbin | |
parent | 8620089d27c1f045f7ce53ede93643da495b0afa (diff) |
Add a SECURITY FIX for CVE-2010-0010
"on 64-bit platforms this allows remote origin servers to cause a
denial of service (daemon crash) or possibly execute arbitrary code
via a large chunk size that triggers a heap-based buffer overflow."
"looks good" to henning@
ok otto@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/httpd/src/modules/proxy/proxy_util.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_util.c b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
index d06f26246b3..e0702b7d8fc 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_util.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
@@ -544,7 +544,7 @@ long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int
 /* read the chunk */
 if (remaining > 0) {
- n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining));
+ n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
 if (n > -1) {
 remaining -= n;
 end_of_chunk = (remaining == 0);
@@ -585,8 +585,8 @@ long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int
 n = ap_bread(f, buf, buf_size);
 }
 else {
- n = ap_bread(f, buf, MIN((int)buf_size,
- (int)(len - total_bytes_rcvd)));
+ n = ap_bread(f, buf, (int) MIN(buf_size,
+ (len - total_bytes_rcvd)));
 }
 }
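Review bot: Both corrected `ap_bread` calls (the chunk read in the first hunk and the `else` branch in the second) still rely on two unstated assumptions: that the mixed-type comparison inside `MIN` picks the intended operand, and that the result fits in `int`. In the second hunk `len` is `off_t` per the signature, so if `len - total_bytes_rcvd` could ever be zero or negative, `MIN` may select it and the outer `(int)` cast would pass `ap_bread` a non-positive length. The first hunk is guarded by `if (remaining > 0)`, but no equivalent guard is visible around the second call. The declarations of `buf_size`, `remaining` and `total_bytes_rcvd` and the enclosing loop condition are outside both hunks, so this needs confirming against the full function. I would add a comment above each call, e.g. `/* compare at full width, then narrow: casting before MIN truncates a large length on 64-bit (CVE-2010-0010) */`, so the cast is not moved back inside `MIN` later. It would also help to state next to the declaration of `buf_size` that it must not exceed `INT_MAX`.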