From: Joe Orton Date: Fri, 3 Jun 2005 12:54:53 +0000 (+0000) Subject: * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix X-Git-Tag: 2.1.5~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=968bb860f90729601e59d8b2bab747e74dc3d612;p=thirdparty%2Fapache%2Fhttpd.git * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix off-by-one. PR: 35081 Submitted by: Marc Stern git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@179781 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f7631d8d04f..8eda3ce82d3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.1.5 [Remove entries to the current 2.0 section below, when backported] + *) SECURITY: CAN-2005-1268 (cve.mitre.org) + mod_ssl: Fix possible crash on printing CRL details when + debugging is enabled, if configured to use a CRL from + a malicious source. PR 35081. [Marc Stern ] + *) proxy FTP: Fix confusion about globbing characters which could lead to getting a directory listing when a file was requested. PR 34512. [Sean ] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e2756dcfd0b..03b1e88ce9e 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1408,7 +1408,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) BIO_printf(bio, ", nextUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); - n = BIO_read(bio, buff, sizeof(buff)); + n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; BIO_free(bio);