httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r189562 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/ssl/ssl_engine_kernel.c
Date Wed, 08 Jun 2005 09:08:10 GMT
Author: jorton
Date: Wed Jun  8 02:08:09 2005
New Revision: 189562

URL: http://svn.apache.org/viewcvs?rev=189562&view=rev
Log:
Merge r179781 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix
off-by-one.

PR: 35081
Submitted by: Marc Stern <mstern csc.com>
Reviewed by: jorton, trawick, pquerna

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=189562&r1=189561&r2=189562&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES (original)
+++ httpd/httpd/branches/2.0.x/CHANGES Wed Jun  8 02:08:09 2005
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.55
 
+  *) SECURITY: CAN-2005-1268 (cve.mitre.org)
+     mod_ssl: Fix off-by-one overflow whilst printing CRL information
+     at "LogLevel debug" which could be triggered if configured 
+     to use a "malicious" CRL.  PR 35081.  [Marc Stern <mstern csc.com>]
+
   *) mod_userdir: Fix possible memory corruption issue.  PR 34588.
      [David Leonard <dleonard vintela.com>]
 

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=189562&r1=189561&r2=189562&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Wed Jun  8 02:08:09 2005
@@ -268,11 +268,6 @@
         http://svn.apache.org/viewcvs?rev=179622&view=rev
         +1: trawick
 
-     *) mod_ssl: Fix off-by-one, CVE CAN-2005-1268.
-        PR: 35081
-        http://svn.apache.org/viewcvs?rev=179781&view=rev
-        +1: jorton, trawick, pquerna
-
      *) mod_cache: Fix handling of 'Vary: *". PR 16125.
         Trunk: r180341
         2.0.x Patch: http://issues.apache.org/bugzilla/attachment.cgi?id=15297

Modified: httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c?rev=189562&r1=189561&r2=189562&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c Wed Jun  8 02:08:09 2005
@@ -1398,7 +1398,7 @@
             BIO_printf(bio, ", nextUpdate: ");
             ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
 
-            n = BIO_read(bio, buff, sizeof(buff));
+            n = BIO_read(bio, buff, sizeof(buff) - 1);
             buff[n] = '\0';
 
             BIO_free(bio);



Mime
View raw message