httpd-cvs mailing list archives

From jor...@apache.org
Subject svn commit: r179781 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c
Date Fri, 03 Jun 2005 12:54:54 GMT
Author: jorton
Date: Fri Jun  3 05:54:53 2005
New Revision: 179781

URL: http://svn.apache.org/viewcvs?rev=179781&view=rev
Log:
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix
off-by-one.

PR: 35081
Submitted by: Marc Stern <mstern csc.com>

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=179781&r1=179780&r2=179781&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Fri Jun  3 05:54:53 2005
@@ -2,6 +2,11 @@
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) SECURITY: CAN-2005-1268 (cve.mitre.org)
+     mod_ssl: Fix possible crash on printing CRL details when
+     debugging is enabled, if configured to use a CRL from
+     a malicious source.  PR 35081.  [Marc Stern <mstern csc.com>]
+
   *) proxy FTP: Fix confusion about globbing characters which could lead
      to getting a directory listing when a file was requested.  PR 34512.
      [Sean <infamous41md hotmail.com>]
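Review bot: The added CHANGES entry names only the symptom ("possible crash on printing CRL details") and not the cause, which the log message gives as an off-by-one in ssl_callback_SSLVerify_CRL. Suggest saying in the entry that it is an off-by-one write, and spelling out which logging setting "debugging is enabled" refers to, so administrators reading CHANGES can tell whether their configuration is exposed without having to open PR 35081.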

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=179781&r1=179780&r2=179781&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Fri Jun  3 05:54:53 2005
@@ -1408,7 +1408,7 @@
             BIO_printf(bio, ", nextUpdate: ");
             ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
 
-            n = BIO_read(bio, buff, sizeof(buff));
+            n = BIO_read(bio, buff, sizeof(buff) - 1);
             buff[n] = '\0';
 
             BIO_free(bio);
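Review bot: The result of BIO_read() is still used unchecked as an index at `buff[n] = '\0';`. BIO_read() returns 0 or a negative value when no data is available or on error, and a negative n would place the terminator before the start of buff. Suggest guarding the store, for example `if (n < 0) n = 0;` ahead of it, or skipping the log line when the read fails. The `sizeof(buff) - 1` bound does close the upper end (assuming buff is a fixed-size array, as sizeof(buff) implies, a full read previously left n equal to sizeof(buff) and the NUL one byte past it), but output longer than the buffer is now silently truncated; that is acceptable for a debug message, and a short comment saying so would help the next reader.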


