From: Ruediger Pluem Date: Sat, 15 Dec 2007 08:42:11 +0000 (+0000) Subject: * Correctly terminate string in SSL client certificate extensions X-Git-Tag: 2.2.7~94 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1264a3954665ed2d26794c488f9590a97a8dc68;p=thirdparty%2Fapache%2Fhttpd.git * Correctly terminate string in SSL client certificate extensions parsing by ensuring that it always has a \0 at the end. PR: PR 44073 Submitted by: yl Reviewed by: rpluem, jorton, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@604403 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f507b015687..aa043e13a2f 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,9 @@ Changes with Apache 2.2.7 This has no security impact since the browser cannot be tricked into sending arbitrary method strings. [Jeff Trawick] + *) mod_ssl: Fix SSL client certificate extensions parsing bug. PR 44073. + [yl ] + *) mod_proxy_ajp: Use 64K as maximum AJP packet size. This is the maximum length we can squeeze inside the AJP message packet. [Mladen Turk] diff --git a/STATUS b/STATUS index a82fc162cc9..d90395ff440 100644 --- a/STATUS +++ b/STATUS @@ -79,18 +79,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Correctly terminate string in SSL client certificate extensions - parsing by ensuring that it always has a \0 at the end. - PR: 44073 - Trunk version of patch: - Trunk changed in http://svn.apache.org/viewvc?view=rev&revision=289444 - in a way that IMHO is not backportable (due to the changes done in - mod_ssl.h). - Backport version for 2.2.x of patch: - http://people.apache.org/~rpluem/patches/foreign_patches/44073_2.2.x.diff - +1: rpluem, jorton, trawick - jorton: s/pstrndup/pstrmemdup/ would be better but it works either way - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] 
diff --git a/modules/ssl/ssl_expr_eval.c b/modules/ssl/ssl_expr_eval.c index b6965f315bf..f9d6f5ecb47 100644 --- a/modules/ssl/ssl_expr_eval.c +++ b/modules/ssl/ssl_expr_eval.c @@ -239,7 +239,7 @@ apr_array_header_t *ssl_extlist_by_oid(request_rec *r, const char *oidstr) BIO_get_mem_ptr(bio, &buf); - *new = apr_pstrdup(r->pool, buf->data); + *new = apr_pstrmemdup(r->pool, buf->data, buf->length); } BIO_vfree(bio);
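Review bot: The CHANGES entry added in the first hunk says only "Fix SSL client certificate extensions parsing bug", which does not tell an operator what was wrong. The commit message is more precise: the parsed extension string was not guaranteed to end in \0. Suggest wording the entry along those lines, for example "mod_ssl: Ensure the string built while parsing SSL client certificate extensions is always \0-terminated. PR 44073." The entry directly above it states its security impact explicitly; if the impact of this bug has been assessed, this entry should say so in the same way.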
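Review bot: In the ssl_expr_eval.c hunk, the new apr_pstrmemdup(r->pool, buf->data, buf->length) line has no comment explaining why a length-bounded copy is required, so a later cleanup could quietly turn it back into apr_pstrdup. A one-line comment stating that the data obtained through BIO_get_mem_ptr is not \0-terminated and that buf->length is the authoritative size would prevent that. Note also that apr_pstrmemdup copies exactly buf->length bytes and then appends the terminator, so an extension value containing an embedded \0 will still appear truncated to any caller that treats *new as a C string; it is worth stating whether that is acceptable for the consumers of ssl_extlist_by_oid. The choice of apr_pstrmemdup is consistent with jorton's s/pstrndup/pstrmemdup/ remark in the removed STATUS entry.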