From hunter@knight.ura.org.ua Thu Oct 5 18:41:50 2006 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA56016A407 for ; Thu, 5 Oct 2006 18:41:50 +0000 (UTC) (envelope-from hunter@knight.ura.org.ua) Received: from knight.ura.org.ua (knight.ura.org.ua [195.128.16.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BA8C43D49 for ; Thu, 5 Oct 2006 18:41:48 +0000 (GMT) (envelope-from hunter@knight.ura.org.ua) Received: from knight.ura.org.ua (localhost.ura.org.ua [127.0.0.1]) by knight.ura.org.ua (8.13.4/8.13.4) with ESMTP id k95Ifkl6065799 for ; Thu, 5 Oct 2006 21:41:47 +0300 (EEST) (envelope-from hunter@knight.ura.org.ua) Received: (from hunter@localhost) by knight.ura.org.ua (8.13.4/8.13.4/Submit) id k95IffWn065798; Thu, 5 Oct 2006 21:41:41 +0300 (EEST) (envelope-from hunter) Message-Id: <200610051841.k95IffWn065798@knight.ura.org.ua> Date: Thu, 5 Oct 2006 21:41:41 +0300 (EEST) From: Sergey Smitienko Reply-To: Sergey Smitienko To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: [patch] mod_rewrite buffer overflow fix for russian apache X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 104027 >Category: ports >Synopsis: [patch] mod_rewrite buffer overflow fix for russian apache >Confidential: no >Severity: non-critical >Priority: medium >Responsible: lev >State: closed >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Oct 05 18:50:16 GMT 2006 >Closed-Date: Wed Nov 01 13:18:02 GMT 2006 >Last-Modified: Wed Nov 01 13:18:02 GMT 2006 >Originator: Sergey Smitienko >Release: FreeBSD 6.0-RELEASE-p6 i386 >Organization: URA Internet >Environment: System: FreeBSD knight.ura.org.ua 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #3: Thu Jun 8 18:40:25 EEST 2006 root@knight.ura.org.ua:/usr/obj/usr/src/sys/KNIGHT i386 >Description: russian apache is a little bit behind of normal apache 1.3 and there is no offitial "russian" patch for latest apache 1.3 versions. So, there is no offitial version of russian apache with mod_rewrite buffer overflow fixed. >How-To-Repeat: install russian apache >Fix: I believe community can continue using the older russian apache with the following patch installed. --- patch-bc begins here --- --- src/modules/standard/mod_rewrite.c.orig Tue Sep 12 14:01:04 2006 +++ src/modules/standard/mod_rewrite.c Wed Nov 24 21:10:19 2004 @@ -2735,7 +2735,7 @@ int c = 0; token[0] = cp = ap_pstrdup(p, cp); - while (*cp && c < 5) { + while (*cp && c < 4) { if (*cp == '?') { token[++c] = cp + 1; *cp = '\0'; --- patch-bc ends here --- >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-ports-bugs->lev Responsible-Changed-By: pav Responsible-Changed-When: Sat Oct 7 10:01:04 UTC 2006 Responsible-Changed-Why: If this is about russian/apache13, assign to maintainer http://www.freebsd.org/cgi/query-pr.cgi?pr=104027 State-Changed-From-To: open->closed State-Changed-By: lev State-Changed-When: Wed Nov 1 13:17:27 UTC 2006 State-Changed-Why: ru-apache was upgraded to version without buffer overflow. http://www.freebsd.org/cgi/query-pr.cgi?pr=104027 >Unformatted: