cvs commit: apache/src mod_cookies.c
randy 97/01/11 16:45:55 Branch: src RELEASE_1_1_X Modified:src mod_cookies.c Log: Fix a buffer overflow problem which could allow unauthorized access. Reviewed by: Marc Slemko, Randy Terbush, Ben Laurie Submitted by: Alfred Huger [EMAIL PROTECTED] Revision ChangesPath 1.9.2.2 +4 -1 apache/src/Attic/mod_cookies.c Index: mod_cookies.c === RCS file: /export/home/cvs/apache/src/Attic/mod_cookies.c,v retrieving revision 1.9.2.1 retrieving revision 1.9.2.2 diff -C3 -r1.9.2.1 -r1.9.2.2 *** mod_cookies.c 1996/07/04 13:04:22 1.9.2.1 --- mod_cookies.c 1997/01/12 00:45:54 1.9.2.2 *** *** 119,125 void make_cookie(request_rec *r) { struct timeval tv; ! char new_cookie[100]; /* blurgh */ char *dot; const char *rname = pstrdup(r-pool, get_remote_host(r-connection, r-per_dir_config, --- 119,125 void make_cookie(request_rec *r) { struct timeval tv; ! char new_cookie[1024]; /* blurgh */ char *dot; const char *rname = pstrdup(r-pool, get_remote_host(r-connection, r-per_dir_config, *** *** 128,133 --- 128,136 struct timezone tz = { 0 , 0 }; if ((dot = strchr(rname,'.'))) *dot='\0'; /* First bit of hostname */ + if (strlen (rname) 255) + rname[256] = 0; + gettimeofday(tv, tz); sprintf(new_cookie,%s%s%d%ld%d; path=/, COOKIE_NAME, rname,
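Review bot: The guard added in the second mod_cookies.c hunk keeps make_cookie safe only through an unstated relationship between three magic numbers (the 255 in the length test, the 256 used as the cut index, and the 1024-byte `new_cookie` from the first hunk), while the `sprintf` that follows is still unbounded. The test and the cut also disagree by one, since a name longer than 255 characters is cut to 256, and the store goes through `rname`, which is declared `const char *`; the comparison operator is lost in this rendering and is presumably `>`. Bounding the conversion itself would cover all of this, for example by giving the host field a precision such as `%.255s` in the format string and deriving that limit and the buffer size from named constants. The `sprintf` call runs past the end of the hunk, so the remaining arguments and the length of `COOKIE_NAME` still need to be checked against the buffer size.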
cvs commit: apache/src httpd.h
randy 97/01/11 16:47:16 Branch: src RELEASE_1_1_X Modified:src httpd.h Log: Prepare to release 1.1.2 to fix a couple of security problems. Revision ChangesPath 1.36.2.3 +1 -1 apache/src/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apache/src/httpd.h,v retrieving revision 1.36.2.2 retrieving revision 1.36.2.3 diff -C3 -r1.36.2.2 -r1.36.2.3 *** httpd.h 1996/07/09 11:49:20 1.36.2.2 --- httpd.h 1997/01/12 00:47:15 1.36.2.3 *** *** 238,244 * Example: Apache/1.1b3 MrWidget/0.1-alpha */ ! #define SERVER_VERSION Apache/1.1.2-dev /* SEE COMMENTS ABOVE */ #define SERVER_PROTOCOL HTTP/1.0 #define SERVER_SUPPORT http://www.apache.org/; --- 238,244 * Example: Apache/1.1b3 MrWidget/0.1-alpha */ ! #define SERVER_VERSION Apache/1.1.2 /* SEE COMMENTS ABOVE */ #define SERVER_PROTOCOL HTTP/1.0 #define SERVER_SUPPORT http://www.apache.org/;
cvs commit: apache/src CHANGES
randy 97/01/11 16:51:20 Branch: src RELEASE_1_1_X Modified:src CHANGES Log: Update CHANGES Revision ChangesPath 1.39.2.2 +10 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.39.2.1 retrieving revision 1.39.2.2 diff -C3 -r1.39.2.1 -r1.39.2.2 *** CHANGES 1996/07/08 19:00:35 1.39.2.1 --- CHANGES 1997/01/12 00:51:19 1.39.2.2 *** *** 1,3 --- 1,13 + Changes with Apache 1.1.2: + + *) Fix a buffer overflow problem in mod_cookies. Without these + changes, it is possible to gain unauthorized user privledges + on systems running with mod_cookies compiled into the server. + + *) Fix another problem that could give a directory listing of + the document root if the request recieved is long enough to + force an error by the stat() function. + Changes with Apache 1.1.1: *) Fixed bug where Redirect in .htaccess files would cause memory
cvs commit: apache/src http_request.c mod_cookies.c
randy 97/01/11 18:05:45 Branch: src RELEASE_1_1_X Modified:src http_request.c mod_cookies.c Log: Make http_request.c changes a bit more portable. Change Copyright dates for both files. Revision ChangesPath 1.11.2.2 +11 -2 apache/src/http_request.c Index: http_request.c === RCS file: /export/home/cvs/apache/src/http_request.c,v retrieving revision 1.11.2.1 retrieving revision 1.11.2.2 diff -C3 -r1.11.2.1 -r1.11.2.2 *** http_request.c1997/01/12 00:40:17 1.11.2.1 --- http_request.c1997/01/12 02:05:41 1.11.2.2 *** *** 1,6 /* ! * Copyright (c) 1995 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions --- 1,6 /* ! * Copyright (c) 1995-1997 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions *** *** 179,185 --- 179,192 *cp = '\0'; return OK; } + #if defined(ENOENT) else if (errno == ENOENT) { + #else + #error Your system apparently does not define ENOENT. + #error Removal of these lines opens a security hole if protecting + #error from directory indexes with DirectoryIndex. + else { + #endif last_cp = cp; while (--cp path *cp != '/') *** *** 188,197 while (cp path cp[-1] == '/') --cp; } else { log_reason(unable to determine if index file exists (stat() returned unexpected error), r-filename, r); ! return HTTP_FORBIDDEN; } } return OK; --- 195,206 while (cp path cp[-1] == '/') --cp; } + #if defined(ENOENT) else { log_reason(unable to determine if index file exists (stat() returned unexpected error), r-filename, r); ! 
return FORBIDDEN; } + #endif } return OK; 1.9.2.3 +1 -1 apache/src/Attic/mod_cookies.c Index: mod_cookies.c === RCS file: /export/home/cvs/apache/src/Attic/mod_cookies.c,v retrieving revision 1.9.2.2 retrieving revision 1.9.2.3 diff -C3 -r1.9.2.2 -r1.9.2.3 *** mod_cookies.c 1997/01/12 00:45:54 1.9.2.2 --- mod_cookies.c 1997/01/12 02:05:42 1.9.2.3 *** *** 1,6 /* ! * Copyright (c) 1995, 1996 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions --- 1,6 /* ! * Copyright (c) 1995-1997 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions
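Review bot: With only `errno == ENOENT` treated as "not found" in the hunk at 179, every other stat() failure now reaches the `FORBIDDEN` branch in the hunk at 195, and that includes ENOTDIR, which stat() reports when a leading path component is a regular file (the usual shape of a request carrying extra path information). Failing closed is the right default for an unexpected error, but it is worth confirming whether ENOTDIR should be handled like ENOENT, e.g. `else if (errno == ENOENT || errno == ENOTDIR) {`. The `else {` kept under `#else` after the `#error` lines can never be built, so it and the second `#if defined(ENOENT)` pair could be dropped without changing behaviour. The enclosing function begins and ends outside these hunks and the stat() call is not visible, so also check that nothing between that call and this test can overwrite errno.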
cvs commit: apache/src http_request.c mod_dir.c
randy 97/01/11 21:17:27 Branch: src RELEASE_1_1_X Modified:src http_request.c mod_dir.c Log: More changes to support fix for DirectoryIndex/stat() problem. Reviewed by: Randy Terbush Submitted by: Marc Slemko Revision ChangesPath 1.11.2.3 +1 -1 apache/src/http_request.c Index: http_request.c === RCS file: /export/home/cvs/apache/src/http_request.c,v retrieving revision 1.11.2.2 retrieving revision 1.11.2.3 diff -C3 -r1.11.2.2 -r1.11.2.3 *** http_request.c1997/01/12 02:05:41 1.11.2.2 --- http_request.c1997/01/12 05:17:24 1.11.2.3 *** *** 197,203 } #if defined(ENOENT) else { ! log_reason(unable to determine if index file exists (stat() returned unexpected error), r-filename, r); return FORBIDDEN; } #endif --- 197,203 } #if defined(ENOENT) else { ! log_printf(r-server, access to %s failed for client; unable to determine if index file exists (stat() returned unexpected error), r-filename); return FORBIDDEN; } #endif 1.10.2.1 +17 -1 apache/src/mod_dir.c
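Review bot: The replacement message contains the literal words `for client` but formats only `r->filename`, so the log line for this refusal no longer names the requester, whereas the old `log_reason` call was handed the whole request. For an entry that records a refused request, the remote host is the field an investigator needs most; consider passing it as a second argument (mod_cookies.c on this page obtains it with `get_remote_host`), or keeping `log_reason` if the change was not required. `r->filename` is derived from the request, so confirm that `log_printf` bounds its formatted output; its implementation is not shown here. The enclosing function starts and ends outside the hunk.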
cvs commit: apache/htdocs/manual/mod mod_cgi.html
akosut 97/01/11 23:02:00 Modified:htdocs/manual/mod mod_cgi.html Log: Add text about possible problems with ScriptLog. Also fix a spelling error. Revision ChangesPath 1.7 +7 -1 apache/htdocs/manual/mod/mod_cgi.html Index: mod_cgi.html === RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_cgi.html,v retrieving revision 1.6 retrieving revision 1.7 diff -C3 -r1.6 -r1.7 *** mod_cgi.html 1996/12/09 02:04:55 1.6 --- mod_cgi.html 1997/01/12 07:01:59 1.7 *** *** 33,39 h2CGI Environment variables/h2 The server will set the CGI environment variables as described in the CGI ! specification, with the following provisons: dl dtREMOTE_HOST ddThis will only be set if the server has not been compiled with --- 33,39 h2CGI Environment variables/h2 The server will set the CGI environment variables as described in the CGI ! specification, with the following provisions: dl dtREMOTE_HOST ddThis will only be set if the server has not been compiled with *** *** 122,127 --- 122,133 into the filename given as argument. If this is a relative file or path it is taken relative to the server root. + + pNote that script logging is meant to be a debugging feature when + writing CGI scripts, and is not meant to be activated continuously on + running servers. It is not optimized for speed or efficiency, and may + have security problems if used in a manner other than that for which + it was designed./p a name=scriptloglengthh3ScriptLogLength/h3/a