ben 96/04/19 07:16:43
Modified: src util.c Log: Apply security patch described in CIAC Bulletin G-20, which is a copy of IBM Security Vulnerability Alert ERS-SVA-E01-1996:002.2. A newline was not escaped in a shell command, potentially permitting arbitrary commands to be run. Submitted by: IBM Corp. Revision Changes Path 1.9 +1 -1 apache/src/util.c Index: util.c =================================================================== RCS file: /export/home/cvs/apache/src/util.c,v retrieving revision 1.8 retrieving revision 1.9 diff -C3 -r1.8 -r1.9 *** util.c 1996/04/15 11:28:02 1.8 --- util.c 1996/04/19 14:16:41 1.9 *************** *** 500,506 **** } #endif ! if(ind("&;`'\"|*?~<>^()[]{}$\\",cmd[x]) != -1){ for(y=l+1;y>x;y--) cmd[y] = cmd[y-1]; l++; /* length has been increased */ --- 500,506 ---- } #endif ! if(ind("&;`'\"|*?~<>^()[]{}$\\\n",cmd[x]) != -1){ for(y=l+1;y>x;y--) cmd[y] = cmd[y-1]; l++; /* length has been increased */
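Review bot: On the changed `if(ind("&;`'\"|*?~<>^()[]{}$\\\n",cmd[x]) != -1){` line, newline is now handled the same way as the other metacharacters, but it does not behave the same way once escaped. This assumes the character written into the slot opened by `for(y=l+1;y>x;y--) cmd[y] = cmd[y-1];` is a backslash; the write itself is below the visible context. In sh a backslash followed by a newline is a line continuation, so the shell removes both characters instead of passing a literal newline through. That still stops the newline from acting as a command separator, which is the point of the fix, but the argument the command sees is silently changed. Please add a comment on this line saying the newline is there to block command separation and that it is dropped rather than preserved, or handle it in its own branch (for example by replacing it with a space or rejecting the input). Also, every character in this list grows the string by one (`l++; /* length has been increased */`), and the list is now longer, so it is worth confirming in the surrounding code that the buffer behind `cmd` has room for the worst case of every byte being escaped.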