From e722c29e35ec9a3ba1835df30335b5058d708df9 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 8 Jun 2005 09:08:09 +0000 Subject: [PATCH] Merge r179781 from trunk: * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix off-by-one. PR: 35081 Submitted by: Marc Stern Reviewed by: jorton, trawick, pquerna git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@189562 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ STATUS | 5 ----- modules/ssl/ssl_engine_kernel.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 384dbbe6dd8..d6b1de84ede 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ Changes with Apache 2.0.55 + *) SECURITY: CAN-2005-1268 (cve.mitre.org) + mod_ssl: Fix off-by-one overflow whilst printing CRL information + at "LogLevel debug" which could be triggered if configured + to use a "malicious" CRL. PR 35081. [Marc Stern ] + *) mod_userdir: Fix possible memory corruption issue. PR 34588. [David Leonard ] diff --git a/STATUS b/STATUS index c0635397885..c49607f7fcf 100644 --- a/STATUS +++ b/STATUS @@ -268,11 +268,6 @@ PATCHES TO BACKPORT FROM TRUNK: http://svn.apache.org/viewcvs?rev=179622&view=rev +1: trawick - *) mod_ssl: Fix off-by-one, CVE CAN-2005-1268. - PR: 35081 - http://svn.apache.org/viewcvs?rev=179781&view=rev - +1: jorton, trawick, pquerna - *) mod_cache: Fix handling of 'Vary: *". PR 16125. Trunk: r180341 2.0.x Patch: http://issues.apache.org/bugzilla/attachment.cgi?id=15297 diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 48da7405049..268079bd5c7 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c 
@@ -1398,7 +1398,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
 BIO_printf(bio, ", nextUpdate: ");
 ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
- n = BIO_read(bio, buff, sizeof(buff));
+ n = BIO_read(bio, buff, sizeof(buff) - 1);
 buff[n] = '\0';
 BIO_free(bio);
-- 
2.47.2
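Review bot: `buff[n] = '\0'` still trusts the return value of BIO_read() on the low side: the new `sizeof(buff) - 1` bound keeps n below the buffer size, but BIO_read() can also return a negative value on failure, and a negative n would then write before the start of buff. A guard ahead of the terminator, e.g. `if (n < 0) n = 0;`, would close the lower bound the same way this change closes the upper one. The declarations of n and buff and the rest of ssl_callback_SSLVerify_CRL lie outside the hunk, so this assumes n is a signed integer and that nothing earlier already checks it. A short comment such as `/* leave room for the NUL terminator */` on the BIO_read line would also record why the size is reduced.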