]>
Commit | Line | Data |
---|---|---|
37f88b4d | 1 | Some kind guy sent to me the next information. This WAS NOT revised or audited by the author, but it could help other people. So, enjoy!: |
2 | ||
3 | ----------------------------------------------------------------------- | |
4 | ||
5 | mod_access_referer contains a null-pinter dereferences vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch: | |
6 | ||
7 | --- mod_access_referer.c.org Wed Apr 9 19:27:00 2003 | |
8 | +++ mod_access_referer.c Wed Apr 9 19:36:20 2003 | |
9 | @@ -492,6 +492,10 @@ | |
10e0ea19 | 10 | (r->headers_in, |
11 | "Referer"), | |
12 | &uptr); | |
13 | + if(uptr.hostname == NULL) { | |
14 | + return 0; | |
15 | + } | |
37f88b4d | 16 | + |
10e0ea19 | 17 | if (!is_ip (uptr.hostname)) { |
18 | /* XX resolv the domain name */ | |
19 | got_refererhost_ip = 1; |