]> git.pld-linux.org Git - packages/apache.git/blob - apache-CVE-2005-3352.patch
projects / packages / apache.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
- added less-libs.patch and CVE-2005-3352.patch
[packages/apache.git] / apache-CVE-2005-3352.patch
1 Index: src/modules/standard/mod_imap.c
2 ===================================================================
3 --- src/modules/standard/mod_imap.c     (revision 330526)
4 +++ src/modules/standard/mod_imap.c     (working copy)
5 @@ -328,7 +328,7 @@
6      if (!strcasecmp(value, "referer")) {
7          referer = ap_table_get(r->headers_in, "Referer");
8          if (referer && *referer) {
9 -           return ap_pstrdup(r->pool, referer);
10 +           return ap_escape_html(r->pool, referer);
11          }
12          else {
13             /* XXX:  This used to do *value = '\0'; ... which is totally bogus
14 Index: src/main/util.c
15 ===================================================================
16 --- src/main/util.c     (revision 330526)
17 +++ src/main/util.c     (working copy)
18 @@ -1722,6 +1722,8 @@
19             j += 3;
20         else if (s[i] == '&')
21             j += 4;
22 +       else if (s[i] == '"')
23 +           j += 5;
24  
25      if (j == 0)
26         return ap_pstrndup(p, s, i);
27 @@ -1740,6 +1742,10 @@
28             memcpy(&x[j], "&", 5);
29             j += 4;
30         }
31 +       else if (s[i] == '"') {
32 +           memcpy(&x[j], """, 6);
33 +           j += 5;
34 +       }
35         else
36             x[j] = s[i];
37  
The most widely used Web server on the Internet
This page took 0.026 seconds and 3 git commands to generate.