FIX: Chunk fix for Apache 1.3.24 i386 .deb + source .dsc and .diff.gz available.

[Matthew Grant]

Hi All!

Source and an i386 .deb are now up on:

http://people.debian.org/~grantma

MD5sums:
$ md5sum apache_1.3.24-3.0.anathoth.1*
2694e435fcc5a8197d4942d38a651b43  apache_1.3.24-3.0.anathoth.1.diff.gz
b84b0f106079ab7f66f40d135f5ed3f9  apache_1.3.24-3.0.anathoth.1.dsc
561f18885c58b8302d3039accea8e8bf
apache_1.3.24-3.0.anathoth.1_i386.changes
5b0cf3f2a12b36063c7c19c8adbc450a  apache_1.3.24-3.0.anathoth.1_i386.deb



Here is a rehashed version of the patch cert_vucert944335 chunk fix
patch used in apache_1.3.9-14.1 for potato which works for apache in
woody and sid. 

The only thing stopping it was a comment about EBCDIC! 

Got to go  - test this thing on s390 as well! 

Uploading .debs to fix apache chunk size stuff for i386 on woody and sid
NOW!  Source .dsc and .diff is there if others want to build for other
architectures. The i386 .deb works on my home system.

Did not know how to do NMU with new security system, or someone else can
look after it. Matthew? Steve?

Best Regards, 

Matthew Grant
-- 
===
Matthew Grant/\  ^/\^   [EMAIL PROTECTED]  /\
A Linux Network Guy /~~\^/~~\_/~\___/~~\/**\
===GPG KeyID: 2EE20270  FingerPrint:
8C2535E1A11DF3EA5EA19125BA4E790E2EE20270==
--- build-tree/apache_1.3.24/src/main/http_protocol.c.cert_vucert944335 Fri Mar 
22 02:49:46 2002
+++ build-tree/apache_1.3.24/src/main/http_protocol.c   Thu Jun 20 19:50:31 2002
@@ -2019,21 +2019,35 @@
 static long get_chunk_size(char *b)
 {
 long chunksize = 0;
+long chunkbits = sizeof(long) * 8;
 
-while (ap_isxdigit(*b)) {
+/* Skip leading zeros */
+while (*b == '0') {
+++b;
+}
+
+while (ap_isxdigit(*b)  (chunkbits  0)) {
 int xvalue = 0;
 
/* This works even on EBCDIC. */
-if (*b = '0'  *b = '9')
+if (*b = '0'  *b = '9') {
 xvalue = *b - '0';
-else if (*b = 'A'  *b = 'F')
+}
+else if (*b = 'A'  *b = 'F') {
 xvalue = *b - 'A' + 0xa;
-else if (*b = 'a'  *b = 'f')
+}
+else if (*b = 'a'  *b = 'f') {
 xvalue = *b - 'a' + 0xa;
+}
 
 chunksize = (chunksize  4) | xvalue;
+chunkbits -= 4;
 ++b;
 }
+if (ap_isxdigit(*b)  (chunkbits = 0)) {
+/* overflow */
+return -1;
+}
 
 return chunksize;
 }
@@ -2117,6 +2131,10 @@
 return 0;
 }
 r-remaining = -1;  /* Indicate footers in-progress */
+}
+else if (len_to_read  0) {
+r-connection-keepalive = -1;
+return -1;
 }
 else {
 r-remaining = len_to_read;


signature.asc
Description: This is a digitally signed message part

Re: FIX: Chunk fix for Apache 1.3.24 i386 .deb + source .dsc and .diff.gz available.

[Steve Langasek]

Hello Matthew,

I'm a little confused as to why you're cc:ing me on these messages?

Steve Langasek
postmodern programmer

On Thu, Jun 20, 2002 at 08:20:56PM +1200, Matthew Grant wrote:

 Source and an i386 .deb are now up on:

 http://people.debian.org/~grantma

 MD5sums:
 $ md5sum apache_1.3.24-3.0.anathoth.1*
 2694e435fcc5a8197d4942d38a651b43  apache_1.3.24-3.0.anathoth.1.diff.gz
 b84b0f106079ab7f66f40d135f5ed3f9  apache_1.3.24-3.0.anathoth.1.dsc
 561f18885c58b8302d3039accea8e8bf
 apache_1.3.24-3.0.anathoth.1_i386.changes
 5b0cf3f2a12b36063c7c19c8adbc450a  apache_1.3.24-3.0.anathoth.1_i386.deb

 
 Here is a rehashed version of the patch cert_vucert944335 chunk fix
 patch used in apache_1.3.9-14.1 for potato which works for apache in
 woody and sid. 

 The only thing stopping it was a comment about EBCDIC! 

 Got to go  - test this thing on s390 as well! 

 Uploading .debs to fix apache chunk size stuff for i386 on woody and sid
 NOW!  Source .dsc and .diff is there if others want to build for other
 architectures. The i386 .deb works on my home system.

 Did not know how to do NMU with new security system, or someone else can
 look after it. Matthew? Steve?

 Best Regards, 

 Matthew Grant


pgpYt8q6Mk6wc.pgp
Description: PGP signature