| Last change
                  on this file since 2144 was
                  2134,
                  checked in by achernya, 14 years ago | 
        
          | Patch httpd against some security vulnerabilities. | 
        | File size:
            1006 bytes | 
      
      
        
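--- a/httpd/httpd/branches/2.2.x/server/util.c    2012/01/04 19:42:04     1227279
+++ b/httpd/httpd/branches/2.2.x/server/util.c    2012/01/04 19:45:22     1227280
@@ -82,6 +82,8 @@
 #define IS_SLASH(s) (s == '/')
 #endif
 
+/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
+#define UTIL_SIZE_MAX (~((apr_size_t)0))
 
 /*
 * Examine a field value (such as a media-/content-type) string and return
@@ -366,7 +368,7 @@
 char *dest, *dst;
 char c;
 size_t no;
-    int len;
+    apr_size_t len;
 
 if (!source)
 return NULL;
@@ -391,6 +393,11 @@
 len++;
 }
 else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
+            if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+                             "integer overflow or out of memory condition." );
+                return NULL;
+            }
 len += pmatch[no].rm_eo - pmatch[no].rm_so;
 }
 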
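Review bot: The `return NULL;` added inside the `else if (no < nmatch && ...)` branch gives this function a second failure path, where the only NULL return visible before was the `if (!source)` guard in the previous hunk. Any caller that passes a non-null source and uses the result unchecked would now dereference NULL when the length check trips; the callers are outside this diff and should be audited. The check only stops `len` from wrapping `apr_size_t` and does not bound the size itself, so a length just under the limit presumably still reaches the allocation later in the function (not shown); an explicit smaller cap would be a stronger defence if the contract allows it. The warning is logged with a NULL server and a generic string, which makes it hard to attribute in the error log; naming the function would help, e.g. `"<function name>: substitution length would overflow apr_size_t"`. The function starts and ends outside these hunks.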
|---|
       
      