From: Jim Jagielski <jim@apache.org>
Date: Thu, 16 Jun 2016 12:35:58 +0000 (+0000)
Subject: Merge r1748653 from trunk:
X-Git-Tag: 2.4.21~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c84842e8d60f57feb7b692d4ef74787305d255f;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1748653 from trunk:

Fix a potential buffer overflow.
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1748706 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 40982ad62ff..46b3d8821b8 100644
--- a/STATUS
+++ b/STATUS
@@ -114,10 +114,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_sed: Fix a potential buffer overflow.
-     trunk patch: http://svn.apache.org/r1748653
-     2.4.x: trunk patch works
-     +1: jailletc36, rpluem, jim
 
 
 
diff --git a/modules/filters/sed0.c b/modules/filters/sed0.c
index ddc4bfed8e5..a044f647dba 100644
--- a/modules/filters/sed0.c
+++ b/modules/filters/sed0.c
@@ -588,7 +588,7 @@ jtcommon:
                     command_errf(commands, SEDERR_SMMES, commands->linebuf);
                     return -1;
                 }
-                if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX]) == NULL) {
+                if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX-1]) == NULL) {
                     command_errf(commands, SEDERR_FNTL, commands->linebuf);
                     return -1;
                 }
@@ -617,7 +617,7 @@ jtcommon:
                 command_errf(commands, SEDERR_SMMES, commands->linebuf);
                 return -1;
             }
-            if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX]) == NULL) {
+            if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX-1]) == NULL) {
                 command_errf(commands, SEDERR_FNTL, commands->linebuf);
                 return -1;
             }