httpd-cvs mailing list archives

From Ben Laurie <...@hyperreal.com>
Subject cvs commit: apache/src util.c
Date Fri, 19 Apr 1996 14:16:44 GMT
ben         96/04/19 07:16:43

  Modified:    src       util.c
  Log:
  Apply security patch described in CIAC Bulletin G-20, which is a copy of IBM
  Security Vulnerability Alert ERS-SVA-E01-1996:002.2.
  A newline was not escaped in a shell command, potentially permitting arbitrary
  commands to be run.
  Submitted by: IBM Corp.
  
  Revision  Changes    Path
  1.9       +1 -1      apache/src/util.c
  
  Index: util.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/util.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -C3 -r1.8 -r1.9
  *** util.c	1996/04/15 11:28:02	1.8
  --- util.c	1996/04/19 14:16:41	1.9
  ***************
  *** 500,506 ****
            }
    #endif
    
  !         if(ind("&;`'\"|*?~<>^()[]{}$\\",cmd[x]) != -1){
                for(y=l+1;y>x;y--)
                    cmd[y] = cmd[y-1];
                l++; /* length has been increased */
  --- 500,506 ----
            }
    #endif
    
  !         if(ind("&;`'\"|*?~<>^()[]{}$\\\n",cmd[x]) != -1){
                for(y=l+1;y>x;y--)
                    cmd[y] = cmd[y-1];
                l++; /* length has been increased */
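
Review bot: On the changed `ind(...)` line, `\n` is appended to a denylist string literal with no comment saying why it is there, so a later edit of the set could silently drop it again. Add a short comment above the test that names newline as a shell command separator and cites the advisory from the log message. Separately, the byte written into the gap opened by the `cmd[y] = cmd[y-1]` shift is outside the visible context; if it is a backslash, sh treats backslash-newline as a line continuation and deletes both characters, so the newline is removed from the command rather than passed through literally. That still closes the injection, but replacing or rejecting a newline outright would make the intent explicit. The shift also grows the string by one byte per match and the bound on `cmd` is not shown here, so confirm the caller sizes the buffer for every character being escaped.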
  
  
  
