From: kloczek
Date: Wed, 9 Apr 2003 20:47:22 +0000 (+0000)
Subject: Patch from: http://dl.sourceforge.net/sourceforge/accessreferer/mod_access_referer_1...
X-Git-Tag: STABLE~2
X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=37f88b4d1ca6e0f1679943739261b671fc066d42;hp=3169ecfe8a931db58b575da16fbcf52479f6e719;p=packages%2Fapache1-mod_access_referer.git

Patch from: http://dl.sourceforge.net/sourceforge/accessreferer/mod_access_referer_1.0.2_third_part_patch.txt

Comment from this file:
mod_access_referer contains a null-pointer dereference vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch

Thanks to Niels Heinen for the information about this fix.

Changed files:
    mod_access_referer_1.0.2_third_part_patch.txt -> 1.1
---
diff --git a/mod_access_referer_1.0.2_third_part_patch.txt b/mod_access_referer_1.0.2_third_part_patch.txt new file mode 100644 index 0000000..1209923 --- /dev/null +++ b/mod_access_referer_1.0.2_third_part_patch.txt @@ -0,0 +1,21 @@ +Some kind guy sent to me the next information. This WAS NOT revised or audited by the author, but it could help other people. So, enjoy!: + +----------------------------------------------------------------------- + +mod_access_referer contains a null-pinter dereferences vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch: + +--- mod_access_referer.c.org Wed Apr 9 19:27:00 2003 ++++ mod_access_referer.c Wed Apr 9 19:36:20 2003 +@@ -492,6 +492,10 @@ + (r->headers_in, + "Referer"), + &uptr); ++ if(uptr.hostname == NULL) { ++ return 0; ++ } ++ + if (!is_ip (uptr.hostname)) { + /* XX resolv the domain name */ + got_refererhost_ip = 1; + +
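
Review bot: The added `if(uptr.hostname == NULL) { return 0; }` guard in the embedded mod_access_referer.c hunk returns a bare 0 with no comment, and nothing in the visible context says what 0 means to the caller. Please confirm that a Referer with no host part ends up with the intended access decision (a non-match that fails closed rather than one that lets the request through), and add a one-line comment stating that a Referer without a hostname is deliberately treated that way. The check itself is in the right place, directly before the first use of `uptr.hostname` in `is_ip (uptr.hostname)`, but only the tail of the preceding parse call is visible here, so it is worth checking while in this function that its return value is tested as well, since a failed parse is the likely way `hostname` ends up NULL. Style nit: the surrounding code writes `if (` with a space, the new line uses `if(`. Since the imported text itself says the fix "WAS NOT revised or audited by the author", the package changelog should record that this is an unreviewed third-party patch.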