httpd-cvs mailing list archives

From n.@apache.org
Subject cvs commit: httpd-2.0/modules/proxy mod_proxy.c
Date Sun, 04 Jul 2004 22:39:07 GMT
nd          2004/07/04 15:39:07

  Modified:    modules/proxy mod_proxy.c
  Log:
  badly encoded urls could cause a null byte skipping (read buffer overflow).
  (e.g. % as last character).
  avoid that.
  
  Revision  Changes    Path
  1.103     +13 -5     httpd-2.0/modules/proxy/mod_proxy.c
  
  Index: mod_proxy.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/proxy/mod_proxy.c,v
  retrieving revision 1.102
  retrieving revision 1.103
  diff -u -u -r1.102 -r1.103
  --- mod_proxy.c	4 Jul 2004 22:24:52 -0000	1.102
  +++ mod_proxy.c	4 Jul 2004 22:39:06 -0000	1.103
  @@ -57,9 +57,9 @@
   
   static unsigned char hex2c(const char* p) {
     const char c1 = p[1];
  -  const char c2 = p[2];
  -  int i1 = x2c(c1);
  -  int i2 = x2c(c2);
  +  const char c2 = p[1] ? p[2]: '\0';
  +  int i1 = c1 ? x2c(c1) : 0;
  +  int i2 = c2 ? x2c(c2) : 0;
     unsigned char ret = (i1 << 4) | i2;
   
     return ret;
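Review bot: The added guards in hex2c keep the reads inside the string, but a truncated escape is now decoded as if it were valid: a trailing `%` yields byte 0 and `%4` yields 0x40, and the caller cannot tell these from a real `%00` or `%40`. Characters that are present but are not hex digits are still handed to x2c, whose handling of them is not visible here. Consider decoding only when both digits pass a hex check, e.g. `if (!apr_isxdigit(p[1]) || !apr_isxdigit(p[2])) return '%';`, so that a malformed escape is compared as a literal `%`; the caller's pointer advance (outside this hunk) would have to agree with that. hex2c's closing brace is outside the hunk.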
  @@ -70,9 +70,10 @@
   {
       const char *end_fakename = alias_fakename + strlen(alias_fakename);
       const char *aliasp = alias_fakename, *urip = uri;
  +    const char *end_uri = uri + strlen(uri);
       unsigned char uric, aliasc;
   
  -    while (aliasp < end_fakename) {
  +    while (aliasp < end_fakename && urip < end_uri) {
           if (*aliasp == '/') {
               /* any number of '/' in the alias matches any number in
                * the supplied URI, but there must be at least one...
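Review bot: With the added `urip < end_uri` condition the loop can stop while `aliasp` is still short of `end_fakename`, and nothing visible in this diff rejects that case: the final check returns 0 only when `*urip != '\0'`. A URI that is a strict prefix of the alias (for example `/foo` against `/foobar`) would therefore fall through to whatever the function returns after that check, which is outside this diff and is presumably the matched length. Before this change the same input presumably failed the literal comparison against the terminating NUL inside the loop. Adding `if (urip == end_uri && aliasp != end_fakename) return 0;` after the loop would keep a short URI from being treated as matching the proxy alias. The function's signature and most of the loop body are outside the hunk.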
  @@ -111,8 +112,15 @@
           }
       }
   
  -    /* Check last alias path component matched all the way */
  +    /* fixup badly encoded stuff (e.g. % as last character) */
  +    if (aliasp > end_fakename) {
  +        aliasp = end_fakename;
  +    }
  +    if (urip > end_uri) {
  +        urip = end_uri;
  +    }
   
  +    /* Check last alias path component matched all the way */
       if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/')
           return 0;
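Review bot: The two clamps repair `aliasp` and `urip` only after they have already been moved past their terminators, so the overshoot still happens inside the loop; forming a pointer more than one past the end of the string is undefined before the `>` comparison is even evaluated. It would be more robust to bound the step where an escape is consumed (that code is outside this hunk, presumably a fixed three-byte advance), so the pointers never leave `[start, end]` and no fixup is needed. Separately, `aliasp[-1]` in the unchanged check reads before the buffer when `alias_fakename` is empty; whether callers can pass an empty alias is not visible here, so a comment stating that precondition, such as `/* alias_fakename must be non-empty */`, would help.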
   
  
  
  
