mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]
+
*) Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
through on a 304 response. [Nick Kew]
http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-backport-r891282.patch
+1: rjung, pgollucci (+1 2.0.64 w/ this), wrowe
- * mod_ssl: Use memmove instead of memcpy for overlapping buffers
- Trunk patch: http://svn.apache.org/viewvc?view=rev&revision=683280
- 2.0.x patch: Trunk patch works
- +1: sf, jorton, trawick
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ please place SVN revisions from trunk here, so it is easy to
identify exactly what the proposed changes are! Add all new
* this char_buffer api might seem silly, but we don't need to copy
* any of this data and we need to remember the length.
*/
+
+/* Copy up to INL bytes from the char_buffer BUFFER into IN. Note
+ * that due to the strange way this API is designed/used, the
+ * char_buffer object is used to cache a segment of inctx->buffer, and
+ * then this function called to copy (part of) that segment to the
+ * beginning of inctx->buffer. So the segments to copy cannot be
+ * presumed to be non-overlapping, and memmove must be used. */
static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
{
if (!buffer->length) {
if (buffer->length > inl) {
/* we have have enough to fill the caller's buffer */
- memcpy(in, buffer->value, inl);
+ memmove(in, buffer->value, inl);
buffer->value += inl;
buffer->length -= inl;
}
else {
/* swallow remainder of the buffer */
- memcpy(in, buffer->value, buffer->length);
+ memmove(in, buffer->value, buffer->length);
inl = buffer->length;
buffer->value = NULL;
buffer->length = 0;
projects / thirdparty / apache / httpd.git / commitdiff
