httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1165268 - /httpd/httpd/trunk/modules/http/byterange_filter.c
Date Mon, 05 Sep 2011 12:59:07 GMT
Author: jorton
Date: Mon Sep  5 12:59:07 2011
New Revision: 1165268

URL: http://svn.apache.org/viewvc?rev=1165268&view=rev
Log:
* modules/http/byterange_filter.c (ap_byterange_filter): Don't reveal
  the pid in the boundary delimiter (part of CVE-2003-1418).

Modified:
    httpd/httpd/trunk/modules/http/byterange_filter.c

Modified: httpd/httpd/trunk/modules/http/byterange_filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/byterange_filter.c?rev=1165268&r1=1165267&r2=1165268&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/byterange_filter.c (original)
+++ httpd/httpd/trunk/modules/http/byterange_filter.c Mon Sep  5 12:59:07 2011
@@ -273,7 +273,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
         /* Is ap_make_content_type required here? */
         const char *orig_ct = ap_make_content_type(r, r->content_type);
         boundary = apr_psprintf(r->pool, "%" APR_UINT64_T_HEX_FMT "%lx",
-                                (apr_uint64_t)r->request_time, (long) getpid());
+                                (apr_uint64_t)r->request_time, c->id);
 
         ap_set_content_type(r, apr_pstrcat(r->pool, "multipart",
                                            use_range_x(r) ? "/x-" : "/",



Mime
View raw message