http://dl.sourceforge.net/sourceforge/accessreferer/mod_access_referer_1.0.2_third_part_patch.txt
(fixed rejection by s/<spaces>/<tabs>/)
Comment from this file:
mod_access_referer contains a null-pinter dereferences vulnerability that
may possibly be used in denial of service attacks. While the impact of
this vulnerability is considered low-risk, we advise you to apply the
following patch.
Thans to Niels Heinen <zillion@safemode.org> for inform about this fix.
Changed files:
mod_access_referer_1.0.2_third_part_patch.txt -> 1.2
--- mod_access_referer.c.org Wed Apr 9 19:27:00 2003
+++ mod_access_referer.c Wed Apr 9 19:36:20 2003
@@ -492,6 +492,10 @@
- (r->headers_in,
- "Referer"),
- &uptr);
-+ if(uptr.hostname == NULL) {
-+ return 0;
-+ }
+ (r->headers_in,
+ "Referer"),
+ &uptr);
++ if(uptr.hostname == NULL) {
++ return 0;
++ }
+
- if (!is_ip (uptr.hostname)) {
- /* XX resolv the domain name */
- got_refererhost_ip = 1;
-
-
+ if (!is_ip (uptr.hostname)) {
+ /* XX resolv the domain name */
+ got_refererhost_ip = 1;