source: trunk/server/common/patches/httpd-2.2.x-CVE-2011-3607.patch @ 2134

Last change on this file since 2134 was 2134, checked in by achernya, 10 years ago
Patch httpd against some security vulnerabilities.
File size: 1006 bytes
  • httpd/httpd/branches/2.2.x/server/util.c

     
    8282#define IS_SLASH(s) (s == '/')
    8383#endif
    8484
     85/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
     86#define UTIL_SIZE_MAX (~((apr_size_t)0))
    8587
    8688/*
    8789 * Examine a field value (such as a media-/content-type) string and return
     
    366368    char *dest, *dst;
    367369    char c;
    368370    size_t no;
    369     int len;
     371    apr_size_t len;
    370372
    371373    if (!source)
    372374        return NULL;
     
    391393            len++;
    392394        }
    393395        else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
     396            if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
     397                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
     398                             "integer overflow or out of memory condition." );
     399                return NULL;
     400            }
    394401            len += pmatch[no].rm_eo - pmatch[no].rm_so;
    395402        }
    396403
Note: See TracBrowser for help on using the repository browser.