[packages/apache1-mod_access_referer.git] / mod_access_referer_1.0.2_third_part_patch.txt

Some kind guy sent to me the next information. This WAS NOT revised or audited by the author, but it could help other people. So, enjoy!:

-----------------------------------------------------------------------

mod_access_referer contains a null-pinter dereferences vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch:

--- mod_access_referer.c.org    Wed Apr  9 19:27:00 2003
+++ mod_access_referer.c        Wed Apr  9 19:36:20 2003
@@ -492,6 +492,10 @@
 							 (r->headers_in,
 							  "Referer"),
 							 &uptr);
+				if(uptr.hostname == NULL) {
+					return 0;
+				}
+
 				if (!is_ip (uptr.hostname)) {
 					/* XX resolv the domain name */
 					got_refererhost_ip = 1;
Commit	Line	Data
37f88b4d	1	Some kind guy sent to me the next information. This WAS NOT revised or audited by the author, but it could help other people. So, enjoy!:
	2
	3	-----------------------------------------------------------------------
	4
	5	mod_access_referer contains a null-pinter dereferences vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch:
	6
	7	--- mod_access_referer.c.org Wed Apr 9 19:27:00 2003
	8	+++ mod_access_referer.c Wed Apr 9 19:36:20 2003
	9	@@ -492,6 +492,10 @@
10e0ea19	10	(r->headers_in,
	11	"Referer"),
	12	&uptr);
	13	+ if(uptr.hostname == NULL) {
	14	+ return 0;
	15	+ }
37f88b4d	16	+
10e0ea19	17	if (!is_ip (uptr.hostname)) {
	18	/* XX resolv the domain name */
	19	got_refererhost_ip = 1;