From: Rainer Jung Date: Wed, 3 Oct 2012 16:13:16 +0000 (+0000) Subject: Revert commit r1392042. X-Git-Tag: 2.0.65~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95a74702047df2df57e7b4b8df412f2267d46b38;p=thirdparty%2Fapache%2Fhttpd.git Revert commit r1392042. It was voted as backport of r1227280 from 2.2.x, instead applied was r1198940 from trunk, which breaks compilation (wrong return type, non-existing APR macro). The 2.2 revision has these fixed. Will apply the 2.2 revision next, since the vote was actually for that one. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1393578 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 0baf09574f0..39a07a0a690 100644 --- a/CHANGES +++ b/CHANGES @@ -11,10 +11,6 @@ Changes with Apache 2.0.65 could cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton] - *) SECURITY: CVE-2011-3607 (cve.mitre.org) - core: Fix integer overflow in ap_pregsub. This can be triggered e.g. - with mod_setenvif via a malicious .htaccess. [Stefan Fritsch] - *) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in diff --git a/STATUS b/STATUS index 8bce61b8fe8..dffaac19053 100644 --- a/STATUS +++ b/STATUS @@ -129,6 +129,13 @@ RELEASE SHOWSTOPPERS: More eyes welcome. jim: not a showstopper, imo + *) SECURITY: CVE-2011-3607 (cve.mitre.org) + Fix integer overflow in ap_pregsub() which, when the mod_setenvif module + is enabled, could allow local users to gain privileges via a .htaccess + file. [Stefan Fritsch, Greg Ames] + From 2.2.x; http://svn.apache.org/viewvc?view=revision&revision=1227280 + +1: gregames, wrowe, trawick + *) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired 
diff --git a/server/util.c b/server/util.c index 84840f7974e..a64f3bf973f 100644 --- a/server/util.c +++ b/server/util.c @@ -410,8 +410,6 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t *p, const char *input, len++; } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { - if (APR_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) - return APR_ENOMEM; len += pmatch[no].rm_eo - pmatch[no].rm_so; }
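Review bot: in the server/util.c hunk, removing the two-line check leaves "len += pmatch[no].rm_eo - pmatch[no].rm_so;" in ap_pregsub unguarded again, so the CVE-2011-3607 integer overflow is open on 2.0.x from this commit until the r1227280 backport lands. Commit the replacement immediately after this revert, and do not tag a release in between. The removed lines also show what the replacement has to get right on this branch: ap_pregsub is declared AP_DECLARE(char *), so the overflow path should return NULL rather than APR_ENOMEM, and the bound has to be a constant that this branch's APR actually defines, since the commit message reports APR_SIZE_MAX as non-existing here.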
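Review bot: in the STATUS hunk, the re-added CVE-2011-3607 entry cites "From 2.2.x" and revision 1227280 with its three +1 votes, but does not record that r1198940 from trunk was applied by mistake and breaks compilation on this branch. If the entry is going to stay in STATUS for any length of time, add one line under it saying that the trunk revision must not be used for this backport, so the next committer picks up the voted 2.2.x revision. The CHANGES hunk correctly drops the matching entry, so CHANGES no longer claims a fix the tree does not contain.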