httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r192995 - in /httpd/httpd/trunk: CHANGES modules/generators/mod_cgid.c
Date Wed, 22 Jun 2005 20:54:29 GMT
Author: trawick
Date: Wed Jun 22 13:54:28 2005
New Revision: 192995

URL: http://svn.apache.org/viewcvs?rev=192995&view=rev
Log:
mod_cgid: Fix buffer overflow processing ScriptSock directive.

Submitted by:        Steve Kemp <steve steve.org.uk>
Reviewed/tweaked by: trawick


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=192995&r1=192994&r2=192995&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Wed Jun 22 13:54:28 2005
@@ -1,6 +1,9 @@
 Changes with Apache 2.1.6
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
+     [Steve Kemp <steve steve.org.uk>]
+
 Changes with Apache 2.1.5
 
   *) SECURITY: 

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=192995&r1=192994&r2=192995&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Wed Jun 22 13:54:28 2005
@@ -597,7 +597,7 @@
 
     memset(&unix_addr, 0, sizeof(unix_addr));
     unix_addr.sun_family = AF_UNIX;
-    strcpy(unix_addr.sun_path, sockname);
+    apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path);
 
     omask = umask(0077); /* so that only Apache can use socket */
     rc = bind(sd, (struct sockaddr *)&unix_addr, sizeof(unix_addr));
@@ -1112,7 +1112,7 @@
 
     memset(&unix_addr, 0, sizeof(unix_addr));
     unix_addr.sun_family = AF_UNIX;
-    strcpy(unix_addr.sun_path, sockname);
+    apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path);
 
     connect_tries = 0;
     sliding_timer = 100000; /* 100 milliseconds */



Mime
View raw message