From: hawk
Date: Wed, 8 Feb 2006 20:23:54 +0000 (+0000)
Subject: - taken apache1-CVE-2005-3352.patch for Ra
X-Git-Tag: apache-1_3_34-2~1
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fapache.git;a=commitdiff_plain;h=de0fe3646e06bcbb17b71292a8083b8731198219
- taken apache1-CVE-2005-3352.patch for Ra
Changed files: apache-CVE-2005-3352.patch -> 1.1.4.1
---
diff --git a/apache-CVE-2005-3352.patch b/apache-CVE-2005-3352.patch
index 2347338..11a2152 100644
--- a/apache-CVE-2005-3352.patch
+++ b/apache-CVE-2005-3352.patch
@@ -1,35 +1,37 @@ -http://bugs.gentoo.org/show_bug.cgi?id=118875 - ---- server/util.c (revision 330526) -+++ server/util.c (working copy) -@@ -1762,6 +1762,8 @@ - j += 3; - else if (s[i] == '&') - j += 4; -+ else if (s[i] == '"') -+ j += 5; - - if (j == 0) - return apr_pstrmemdup(p, s, i); -@@ -1780,6 +1782,10 @@ - memcpy(&x[j], "&", 5); - j += 4; - } -+ else if (s[i] == '"') { -+ memcpy(&x[j], """, 6); -+ j += 5; -+ } - else - x[j] = s[i]; - ---- modules/mappers/mod_imap.c (revision 330526) -+++ modules/mappers/mod_imap.c (working copy) -@@ -342,7 +342,7 @@ +Index: src/modules/standard/mod_imap.c +=================================================================== +--- src/modules/standard/mod_imap.c (revision 330526) ++++ src/modules/standard/mod_imap.c (working copy) +@@ -328,7 +328,7 @@ if (!strcasecmp(value, "referer")) { - referer = apr_table_get(r->headers_in, "Referer"); + referer = ap_table_get(r->headers_in, "Referer"); if (referer && *referer) { -- return apr_pstrdup(r->pool, referer); +- return ap_pstrdup(r->pool, referer); + return ap_escape_html(r->pool, referer); } else { /* XXX: This used to do *value = '\0'; ... which is totally bogus +Index: src/main/util.c +=================================================================== +--- src/main/util.c (revision 330526) ++++ src/main/util.c (working copy) +@@ -1722,6 +1722,8 @@ + j += 3; + else if (s[i] == '&') + j += 4; ++ else if (s[i] == '"') ++ j += 5; + + if (j == 0) + return ap_pstrndup(p, s, i); +@@ -1740,6 +1742,10 @@ + memcpy(&x[j], "&", 5); + j += 4; + } ++ else if (s[i] == '"') { ++ memcpy(&x[j], """, 6); ++ j += 5; ++ } + else + x[j] = s[i]; +
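Review bot: The new `"` branch in ap_escape_html (src/main/util.c, in both the length-counting pass and the copy pass) still leaves `'` unescaped, so the mod_imap change to `return ap_escape_html(r->pool, referer);` only protects the Referer value where it ends up in element content or a double-quoted attribute. I would add a comment above the function along the lines of `/* escapes &, " (and presumably < and >, per the j += 3 branch) only: do not place the result in single-quoted or unquoted attributes */`. The `j += 5` / `memcpy(&x[j], ..., 6)` pair is consistent only with a six-character entity; the two string literals appear entity-decoded in this rendering, so check them against the raw patch file before applying. The rewritten patch also drops the bug-tracker URL that headed the previous version; a one-line origin reference at the top of the patch would keep the provenance of the fix. Both functions start and end outside the embedded hunks, so other output paths in mod_imap cannot be assessed from here.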