Comment from thic file:
mod_access_referer contains a null-pinter dereferences vulnerability that
may possibly be used in denial of service attacks. While the impact of
this vulnerability is considered low-risk, we advise you to apply the
following patch
Thans to Niels Heinen <zillion@safemode.org> for inform about this fix.
Changed files:
mod_access_referer_1.0.2_third_part_patch.txt -> 1.1
--- /dev/null
+Some kind guy sent to me the next information. This WAS NOT revised or audited by the author, but it could help other people. So, enjoy!:
+
+-----------------------------------------------------------------------
+
+mod_access_referer contains a null-pinter dereferences vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch:
+
+--- mod_access_referer.c.org Wed Apr 9 19:27:00 2003
++++ mod_access_referer.c Wed Apr 9 19:36:20 2003
+@@ -492,6 +492,10 @@
+ (r->headers_in,
+ "Referer"),
+ &uptr);
++ if(uptr.hostname == NULL) {
++ return 0;
++ }
++
+ if (!is_ip (uptr.hostname)) {
+ /* XX resolv the domain name */
+ got_refererhost_ip = 1;
+
+
projects / packages / apache1-mod_access_referer.git / commitdiff