From 806ac54356911ffea6ded62c98aca6cbc5b0fef2 Mon Sep 17 00:00:00 2001
From: Jakub Bogusz
Date: Fri, 12 May 2006 07:03:24 +0000
Subject: [PATCH] - outdated Changed files: apache-CVE-2005-3352.patch -> 1.4 apache-CVE-2005-3357.patch -> 1.4
---
apache-CVE-2005-3352.patch | 46 --------------------------------------
apache-CVE-2005-3357.patch | 36 -----------------------------
2 files changed, 82 deletions(-)
delete mode 100644 apache-CVE-2005-3352.patch
delete mode 100644 apache-CVE-2005-3357.patch
diff --git a/apache-CVE-2005-3352.patch b/apache-CVE-2005-3352.patch
deleted file mode 100644
index 8939eb1..0000000
--- a/apache-CVE-2005-3352.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-
-Author: mjc
-Date: Mon Dec 12 09:27:59 2005
-New Revision: 356291
-
-URL: http://svn.apache.org/viewcvs?rev=356291&view=rev
-Log:
-Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw
-
-Submitted by: Mark Cox
-Reviewed by: jorton, mjc, fielding
-PR: 37874
-
---- httpd-2.2.0/modules/mappers/mod_imagemap.c.cve3352
-+++ httpd-2.2.0/modules/mappers/mod_imagemap.c
-@@ -342,7 +342,7 @@
- if (!strcasecmp(value, "referer")) {
- referer = apr_table_get(r->headers_in, "Referer");
- if (referer && *referer) {
-- return apr_pstrdup(r->pool, referer);
-+ return ap_escape_html(r->pool, referer);
- }
- else {
- /* XXX: This used to do *value = '\0'; ... which is totally bogus
---- httpd-2.2.0/server/util.c.cve3352
-+++ httpd-2.2.0/server/util.c
-@@ -1748,6 +1748,8 @@
- j += 3;
- else if (s[i] == '&')
- j += 4;
-+ else if (s[i] == '"')
-+ j += 5;
-
- if (j == 0)
- return apr_pstrmemdup(p, s, i);
-@@ -1766,6 +1768,10 @@
- memcpy(&x[j], "&", 5);
- j += 4;
- }
-+ else if (s[i] == '"') {
-+ memcpy(&x[j], """, 6);
-+ j += 5;
-+ }
- else
- x[j] = s[i];
-
diff --git a/apache-CVE-2005-3357.patch b/apache-CVE-2005-3357.patch
deleted file mode 100644
index f365965..0000000
--- a/apache-CVE-2005-3357.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-
-Author: jorton
-Date: Fri Jan 13 06:21:42 2006
-New Revision: 368730
-
-URL: http://svn.apache.org/viewcvs?rev=368730&view=rev
-Log:
-Merge r354394 from trunk:
-
-* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further
-access control checks if SSL is not in use regardless of vhost
-settings.
-
-Submitted by: Rüdiger Plüm, Joe Orton
-Reviewed by: rpluem, jorton, jim
-PR: 37791
-
---- httpd-2.2.0/modules/ssl/ssl_engine_kernel.c.cve3357
-+++ httpd-2.2.0/modules/ssl/ssl_engine_kernel.c
-@@ -202,11 +202,14 @@
- }
-
- /*
-- * Check to see if SSL protocol is on
-+ * Check to see whether SSL is in use; if it's not, then no
-+ * further access control checks are relevant. (the test for
-+ * sc->enabled is probably strictly unnecessary)
- */
-- if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
-+ if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
- return DECLINED;
- }
-+
- /*
- * Support for per-directory reconfigured SSL connection parameters.
- *
--
2.44.0