cvs commit: apache/src mod_cookies.c
randy 97/01/11 16:45:55
Branch: src RELEASE_1_1_X
Modified:src mod_cookies.c
Log:
Fix a buffer overflow problem which could allow unauthorized access.
Reviewed by: Marc Slemko, Randy Terbush, Ben Laurie
Submitted by: Alfred Huger [EMAIL PROTECTED]
Revision ChangesPath
1.9.2.2 +4 -1 apache/src/Attic/mod_cookies.c
Index: mod_cookies.c
===
RCS file: /export/home/cvs/apache/src/Attic/mod_cookies.c,v
retrieving revision 1.9.2.1
retrieving revision 1.9.2.2
diff -C3 -r1.9.2.1 -r1.9.2.2
*** mod_cookies.c 1996/07/04 13:04:22 1.9.2.1
--- mod_cookies.c 1997/01/12 00:45:54 1.9.2.2
***
*** 119,125
void make_cookie(request_rec *r)
{
struct timeval tv;
! char new_cookie[100]; /* blurgh */
char *dot;
const char *rname = pstrdup(r-pool,
get_remote_host(r-connection,
r-per_dir_config,
--- 119,125
void make_cookie(request_rec *r)
{
struct timeval tv;
! char new_cookie[1024]; /* blurgh */
char *dot;
const char *rname = pstrdup(r-pool,
get_remote_host(r-connection,
r-per_dir_config,
***
*** 128,133
--- 128,136
struct timezone tz = { 0 , 0 };
if ((dot = strchr(rname,'.'))) *dot='\0'; /* First bit of
hostname */
+ if (strlen (rname) 255)
+ rname[256] = 0;
+
gettimeofday(tv, tz);
sprintf(new_cookie,%s%s%d%ld%d; path=/,
COOKIE_NAME, rname,
cvs commit: apache/src httpd.h
randy 97/01/11 16:47:16 Branch: src RELEASE_1_1_X Modified:src httpd.h Log: Prepare to release 1.1.2 to fix a couple of security problems. Revision ChangesPath 1.36.2.3 +1 -1 apache/src/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apache/src/httpd.h,v retrieving revision 1.36.2.2 retrieving revision 1.36.2.3 diff -C3 -r1.36.2.2 -r1.36.2.3 *** httpd.h 1996/07/09 11:49:20 1.36.2.2 --- httpd.h 1997/01/12 00:47:15 1.36.2.3 *** *** 238,244 * Example: Apache/1.1b3 MrWidget/0.1-alpha */ ! #define SERVER_VERSION Apache/1.1.2-dev /* SEE COMMENTS ABOVE */ #define SERVER_PROTOCOL HTTP/1.0 #define SERVER_SUPPORT http://www.apache.org/; --- 238,244 * Example: Apache/1.1b3 MrWidget/0.1-alpha */ ! #define SERVER_VERSION Apache/1.1.2 /* SEE COMMENTS ABOVE */ #define SERVER_PROTOCOL HTTP/1.0 #define SERVER_SUPPORT http://www.apache.org/;
cvs commit: apache/src CHANGES
randy 97/01/11 16:51:20 Branch: src RELEASE_1_1_X Modified:src CHANGES Log: Update CHANGES Revision ChangesPath 1.39.2.2 +10 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.39.2.1 retrieving revision 1.39.2.2 diff -C3 -r1.39.2.1 -r1.39.2.2 *** CHANGES 1996/07/08 19:00:35 1.39.2.1 --- CHANGES 1997/01/12 00:51:19 1.39.2.2 *** *** 1,3 --- 1,13 + Changes with Apache 1.1.2: + + *) Fix a buffer overflow problem in mod_cookies. Without these + changes, it is possible to gain unauthorized user privledges + on systems running with mod_cookies compiled into the server. + + *) Fix another problem that could give a directory listing of + the document root if the request recieved is long enough to + force an error by the stat() function. + Changes with Apache 1.1.1: *) Fixed bug where Redirect in .htaccess files would cause memory
cvs commit: apache/src http_request.c mod_cookies.c
randy 97/01/11 18:05:45
Branch: src RELEASE_1_1_X
Modified:src http_request.c mod_cookies.c
Log:
Make http_request.c changes a bit more portable.
Change Copyright dates for both files.
Revision ChangesPath
1.11.2.2 +11 -2 apache/src/http_request.c
Index: http_request.c
===
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.11.2.1
retrieving revision 1.11.2.2
diff -C3 -r1.11.2.1 -r1.11.2.2
*** http_request.c1997/01/12 00:40:17 1.11.2.1
--- http_request.c1997/01/12 02:05:41 1.11.2.2
***
*** 1,6
/*
! * Copyright (c) 1995 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
--- 1,6
/*
! * Copyright (c) 1995-1997 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
***
*** 179,185
--- 179,192
*cp = '\0';
return OK;
}
+ #if defined(ENOENT)
else if (errno == ENOENT) {
+ #else
+ #error Your system apparently does not define ENOENT.
+ #error Removal of these lines opens a security hole if protecting
+ #error from directory indexes with DirectoryIndex.
+ else {
+ #endif
last_cp = cp;
while (--cp path *cp != '/')
***
*** 188,197
while (cp path cp[-1] == '/')
--cp;
}
else {
log_reason(unable to determine if index file exists (stat()
returned unexpected error), r-filename, r);
! return HTTP_FORBIDDEN;
}
}
return OK;
--- 195,206
while (cp path cp[-1] == '/')
--cp;
}
+ #if defined(ENOENT)
else {
log_reason(unable to determine if index file exists (stat()
returned unexpected error), r-filename, r);
! return FORBIDDEN;
}
+ #endif
}
return OK;
1.9.2.3 +1 -1 apache/src/Attic/mod_cookies.c
Index: mod_cookies.c
===
RCS file: /export/home/cvs/apache/src/Attic/mod_cookies.c,v
retrieving revision 1.9.2.2
retrieving revision 1.9.2.3
diff -C3 -r1.9.2.2 -r1.9.2.3
*** mod_cookies.c 1997/01/12 00:45:54 1.9.2.2
--- mod_cookies.c 1997/01/12 02:05:42 1.9.2.3
***
*** 1,6
/*
! * Copyright (c) 1995, 1996 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
--- 1,6
/*
! * Copyright (c) 1995-1997 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
cvs commit: apache/src http_request.c mod_dir.c
randy 97/01/11 21:17:27
Branch: src RELEASE_1_1_X
Modified:src http_request.c mod_dir.c
Log:
More changes to support fix for DirectoryIndex/stat() problem.
Reviewed by: Randy Terbush
Submitted by: Marc Slemko
Revision ChangesPath
1.11.2.3 +1 -1 apache/src/http_request.c
Index: http_request.c
===
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -C3 -r1.11.2.2 -r1.11.2.3
*** http_request.c1997/01/12 02:05:41 1.11.2.2
--- http_request.c1997/01/12 05:17:24 1.11.2.3
***
*** 197,203
}
#if defined(ENOENT)
else {
! log_reason(unable to determine if index file exists (stat()
returned unexpected error), r-filename, r);
return FORBIDDEN;
}
#endif
--- 197,203
}
#if defined(ENOENT)
else {
! log_printf(r-server, access to %s failed for client; unable to
determine if index file exists (stat() returned unexpected error),
r-filename);
return FORBIDDEN;
}
#endif
1.10.2.1 +17 -1 apache/src/mod_dir.c
cvs commit: apache/htdocs/manual/mod mod_cgi.html
akosut 97/01/11 23:02:00 Modified:htdocs/manual/mod mod_cgi.html Log: Add text about possible problems with ScriptLog. Also fix a spelling error. Revision ChangesPath 1.7 +7 -1 apache/htdocs/manual/mod/mod_cgi.html Index: mod_cgi.html === RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_cgi.html,v retrieving revision 1.6 retrieving revision 1.7 diff -C3 -r1.6 -r1.7 *** mod_cgi.html 1996/12/09 02:04:55 1.6 --- mod_cgi.html 1997/01/12 07:01:59 1.7 *** *** 33,39 h2CGI Environment variables/h2 The server will set the CGI environment variables as described in the CGI ! specification, with the following provisons: dl dtREMOTE_HOST ddThis will only be set if the server has not been compiled with --- 33,39 h2CGI Environment variables/h2 The server will set the CGI environment variables as described in the CGI ! specification, with the following provisions: dl dtREMOTE_HOST ddThis will only be set if the server has not been compiled with *** *** 122,127 --- 122,133 into the filename given as argument. If this is a relative file or path it is taken relative to the server root. + + pNote that script logging is meant to be a debugging feature when + writing CGI scripts, and is not meant to be activated continuously on + running servers. It is not optimized for speed or efficiency, and may + have security problems if used in a manner other than that for which + it was designed./p a name=scriptloglengthh3ScriptLogLength/h3/a
