source: trunk/server/common/patches/httpd-2.2.x-CVE-2011-3607.patch @ 2134

Last change on this file since 2134 was 2134, checked in by achernya, 13 years ago
Patch httpd against some security vulnerabilities.
File size: 1006 bytes
RevLine 
[2134]1--- httpd/httpd/branches/2.2.x/server/util.c    2012/01/04 19:42:04     1227279
2+++ httpd/httpd/branches/2.2.x/server/util.c    2012/01/04 19:45:22     1227280
3@@ -82,6 +82,8 @@
4 #define IS_SLASH(s) (s == '/')
5 #endif
6 
7+/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
8+#define UTIL_SIZE_MAX (~((apr_size_t)0))
9 
10 /*
11  * Examine a field value (such as a media-/content-type) string and return
12@@ -366,7 +368,7 @@
13     char *dest, *dst;
14     char c;
15     size_t no;
16-    int len;
17+    apr_size_t len;
18 
19     if (!source)
20         return NULL;
21@@ -391,6 +393,11 @@
22             len++;
23         }
24         else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
25+            if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
26+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
27+                             "integer overflow or out of memory condition." );
28+                return NULL;
29+            }
30             len += pmatch[no].rm_eo - pmatch[no].rm_so;
31         }
32 
Note: See TracBrowser for help on using the repository browser.