source:
trunk/server/common/patches/httpd-2.2.x-CVE-2011-3607.patch
@
2134
Last change on this file since 2134 was 2134, checked in by achernya, 13 years ago | |
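--- a/httpd/httpd/branches/2.2.x/server/util.c
+++ b/httpd/httpd/branches/2.2.x/server/util.c
@@ -82,6 +82,8 @@
 #define IS_SLASH(s) (s == '/')
 #endif
 
+/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
+#define UTIL_SIZE_MAX (~((apr_size_t)0))
 
 /*
 * Examine a field value (such as a media-/content-type) string and return
@@ -366,7 +368,7 @@
 char *dest, *dst;
 char c;
 size_t no;
-int len;
+apr_size_t len;
 
 if (!source)
 return NULL;
@@ -391,6 +393,11 @@
 len++;
 }
 else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
+if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
+ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+"integer overflow or out of memory condition." );
+return NULL;
+}
 len += pmatch[no].rm_eo - pmatch[no].rm_so;
 }
 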
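Review bot: The added `return NULL;` in the third hunk creates a failure path that depends on the match lengths, while the only NULL return visible before it is the `if (!source)` guard. Callers are not shown on this page, so each one should be confirmed to test the result before using it; otherwise the overflow guard becomes a NULL dereference. The warning is also logged with a NULL server argument and a generic text, so a hit in the error log cannot easily be tied to the virtual host or configuration that produced it. A comment above the check such as `/* len would wrap: refuse the substitution; callers must handle NULL */`, plus a message that names the function, would help whoever triages that log line. The enclosing function starts and ends outside the hunk.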