Author: hawk Date: Wed Feb 8 20:23:59 2006 GMT Module: SOURCES Tag: RA-branch ---- Log message: - taken apache1-CVE-2005-3352.patch for Ra
---- Files affected: SOURCES: apache-CVE-2005-3352.patch (1.1 -> 1.1.4.1) ---- Diffs: ================================================================
Index: SOURCES/apache-CVE-2005-3352.patch
diff -u SOURCES/apache-CVE-2005-3352.patch:1.1 SOURCES/apache-CVE-2005-3352.patch:1.1.4.1
--- SOURCES/apache-CVE-2005-3352.patch:1.1 Tue Feb 7 20:35:42 2006
+++ SOURCES/apache-CVE-2005-3352.patch Wed Feb 8 21:23:54 2006
@@ -1,35 +1,37 @@
-http://bugs.gentoo.org/show_bug.cgi?id=118875
-
---- server/util.c (revision 330526)
-+++ server/util.c (working copy)
-@@ -1762,6 +1762,8 @@
- j += 3;
- else if (s[i] == '&')
- j += 4;
-+ else if (s[i] == '"')
-+ j += 5;
-
- if (j == 0)
- return apr_pstrmemdup(p, s, i);
-@@ -1780,6 +1782,10 @@
- memcpy(&x[j], "&", 5);
- j += 4;
- }
-+ else if (s[i] == '"') {
-+ memcpy(&x[j], """, 6);
-+ j += 5;
-+ }
- else
- x[j] = s[i];
-
---- modules/mappers/mod_imap.c (revision 330526)
-+++ modules/mappers/mod_imap.c (working copy)
-@@ -342,7 +342,7 @@
+Index: src/modules/standard/mod_imap.c
+===================================================================
+--- src/modules/standard/mod_imap.c (revision 330526)
++++ src/modules/standard/mod_imap.c (working copy)
+@@ -328,7 +328,7 @@
 if (!strcasecmp(value, "referer")) {
- referer = apr_table_get(r->headers_in, "Referer");
+ referer = ap_table_get(r->headers_in, "Referer");
 if (referer && *referer) {
-- return apr_pstrdup(r->pool, referer);
+- return ap_pstrdup(r->pool, referer);
 + return ap_escape_html(r->pool, referer);
 }
 else {
 /* XXX: This used to do *value = '\0'; ... which is totally bogus
+Index: src/main/util.c
+===================================================================
+--- src/main/util.c (revision 330526)
++++ src/main/util.c (working copy)
+@@ -1722,6 +1722,8 @@
+ j += 3;
+ else if (s[i] == '&')
+ j += 4;
++ else if (s[i] == '"')
++ j += 5;
+
+ if (j == 0)
+ return ap_pstrndup(p, s, i);
+@@ -1740,6 +1742,10 @@
+ memcpy(&x[j], "&", 5);
+ j += 4;
+ }
++ else if (s[i] == '"') {
++ memcpy(&x[j], """, 6);
++ j += 5;
++ }
+ else
+ x[j] = s[i];
+
================================================================ ---- CVS-web: http://cvs.pld-linux.org/SOURCES/apache-CVE-2005-3352.patch?r1=1.1&r2=1.1.4.1&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
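Review bot: In the mod_imap.c section the Referer value is escaped where it is returned, `return ap_escape_html(r->pool, referer);`, so every consumer of that return value receives the HTML-escaped form; the callers are outside the hunk, and if any of them uses the value outside HTML output (a redirect header, for instance) a `&` in the URL would arrive as an entity, so it is worth confirming against the full file that escaping here rather than at the HTML write is correct. In the util.c hunks only `"` joins the escaped set and `'` still passes through, so a comment on the function such as `/* escapes & and " (plus the j += 3 cases); not sufficient inside single-quoted attribute values */` would keep callers from over-trusting it; the function begins and ends outside the hunk. As rendered on this page the literals `"&"` and `"""` do not match the copy lengths 5 and 6 beside them, which suggests the archive decoded the entity text (presumably `&amp;` and `&quot;`), so the patch should be taken from the CVS-web revision linked on this page rather than copied from the text here.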