3 Date: Mon Dec 12 09:27:59 2005
6 URL: http://svn.apache.org/viewcvs?rev=356291&view=rev
8 Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw
10 Submitted by: Mark Cox <mjc apache.org>
11 Reviewed by: jorton, mjc, fielding
14 --- httpd-2.2.0/modules/mappers/mod_imagemap.c.cve3352
15 +++ httpd-2.2.0/modules/mappers/mod_imagemap.c
17 if (!strcasecmp(value, "referer")) {
18 referer = apr_table_get(r->headers_in, "Referer");
19 if (referer && *referer) {
20 - return apr_pstrdup(r->pool, referer);
21 + return ap_escape_html(r->pool, referer);
24 /* XXX: This used to do *value = '\0'; ... which is totally bogus
25 --- httpd-2.2.0/server/util.c.cve3352
26 +++ httpd-2.2.0/server/util.c
31 + else if (s[i] == '"')
35 return apr_pstrmemdup(p, s, i);
36 @@ -1766,6 +1768,10 @@
37 memcpy(&x[j], "&", 5);
40 + else if (s[i] == '"') {
41 + memcpy(&x[j], """, 6);