httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r1001762 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/ssl/ssl_engine_io.c
Date Mon, 27 Sep 2010 14:42:00 GMT
Author: trawick
Date: Mon Sep 27 14:42:00 2010
New Revision: 1001762

URL: http://svn.apache.org/viewvc?rev=1001762&view=rev
Log:
backport trunk r683280

mod_ssl: Use memmove instead of memcpy for overlapping buffers

Submitted by: jorton
Reviewed by: sf, trawick


Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_io.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=1001762&r1=1001761&r2=1001762&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Mon Sep 27 14:42:00 2010
@@ -44,6 +44,8 @@ Changes with Apache 2.0.64
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
 
+  *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]
+
   *) Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass 
      through on a 304 response.  [Nick Kew]
 

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1001762&r1=1001761&r2=1001762&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Mon Sep 27 14:42:00 2010
@@ -146,11 +146,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-backport-r891282.patch
     +1: rjung, pgollucci (+1 2.0.64 w/ this), wrowe
 
-  * mod_ssl: Use memmove instead of memcpy for overlapping buffers
-    Trunk patch: http://svn.apache.org/viewvc?view=rev&revision=683280
-    2.0.x patch: Trunk patch works
-    +1: sf, jorton, trawick
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to
     identify exactly what the proposed changes are!  Add all new

Modified: httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_io.c?rev=1001762&r1=1001761&r2=1001762&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_io.c Mon Sep 27 14:42:00 2010
@@ -343,6 +343,13 @@ typedef struct {
  * this char_buffer api might seem silly, but we don't need to copy
  * any of this data and we need to remember the length.
  */
+
+/* Copy up to INL bytes from the char_buffer BUFFER into IN.  Note
+ * that due to the strange way this API is designed/used, the
+ * char_buffer object is used to cache a segment of inctx->buffer, and
+ * then this function called to copy (part of) that segment to the
+ * beginning of inctx->buffer.  So the segments to copy cannot be
+ * presumed to be non-overlapping, and memmove must be used. */
 static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
 {
     if (!buffer->length) {
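Review bot: The blank line added at the top of this hunk detaches the older comment ("this char_buffer api might seem silly, but we don't need to copy any of this data") from char_buffer_read. That comment now reads as contradicting the new one directly below it, which says the function copies part of the cached segment to the beginning of inctx->buffer. Merge the two into a single comment block, or reword the older one to say which data is not copied. The new comment would also be the natural place to state what the int return value means, since it already documents BUFFER, IN and INL.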
@@ -351,13 +358,13 @@ static int char_buffer_read(char_buffer_
 
     if (buffer->length > inl) {
         /* we have have enough to fill the caller's buffer */
-        memcpy(in, buffer->value, inl);
+        memmove(in, buffer->value, inl);
         buffer->value += inl;
         buffer->length -= inl;
     }
     else {
         /* swallow remainder of the buffer */
-        memcpy(in, buffer->value, buffer->length);
+        memmove(in, buffer->value, buffer->length);
         inl = buffer->length;
         buffer->value = NULL;
         buffer->length = 0;
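Review bot: In the first branch, `memmove(in, buffer->value, inl)` passes the signed int inl as the length, and the only guard visible in this hunk is `buffer->length > inl`. If buffer->length is a signed int like inl, that comparison also holds for a negative inl, which would then be converted to a very large size_t. The switch to memmove addresses the overlap, but it is worth adding an explicit lower-bound check (for example, returning 0 early when inl <= 0) or documenting that callers guarantee a positive inl. Minor: the context comment reads "we have have enough"; it could be fixed while these lines are being touched.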


