cvs commit: apr-util/test testuri.c

15 Sep 2004 11:34:27 -0000 

jorton      2004/09/15 04:34:24

  Modified:    .        Tag: APU_0_9_BRANCH CHANGES
               uri      Tag: APU_0_9_BRANCH apr_uri.c
               test     Tag: APU_0_9_BRANCH testuri.c
  Log:
  Backport from HEAD:
  
  * uri/apr_uri.c (apr_parse_uri): Fix input validation to avoid
  passing negative length to memcpy for malformed IPv6 literal
  addresses.
  
  * test/testuri.c: Add tests for such malformed URIs.
  
  Reviewed by: trawick, madhum
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.117.2.12 +5 -0      apr-util/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apr-util/CHANGES,v
  retrieving revision 1.117.2.11
  retrieving revision 1.117.2.12
  diff -d -w -u -r1.117.2.11 -r1.117.2.12
  --- CHANGES   1 Sep 2004 10:17:39 -0000       1.117.2.11
  +++ CHANGES   15 Sep 2004 11:34:24 -0000      1.117.2.12
  @@ -1,5 +1,10 @@
   Changes with APR-util 0.9.5
   
  +  *) SECURITY: CAN-2004-0786 (cve.mitre.org)
  +     Fix input validation in apr_uri_parse() to avoid passing negative
  +     length to memcpy for malformed IPv6 literal addresses.
  +     [Joe Orton]
  +
     *) Fix build issues in paths containing symlinks.  PR 8867.
        [Joe Orton]
   
  
  
  
  No                   revision
  No                   revision
  1.17.2.2  +5 -5      apr-util/uri/apr_uri.c
  
  Index: apr_uri.c
  ===================================================================
  RCS file: /home/cvs/apr-util/uri/apr_uri.c,v
  retrieving revision 1.17.2.1
  retrieving revision 1.17.2.2
  diff -d -w -u -r1.17.2.1 -r1.17.2.2
  --- apr_uri.c 13 Feb 2004 09:52:44 -0000      1.17.2.1
  +++ apr_uri.c 15 Sep 2004 11:34:24 -0000      1.17.2.2
  @@ -307,11 +307,11 @@
           if (*hostinfo == '[') {
               v6_offset1 = 1;
               v6_offset2 = 2;
  -            s = uri;
  -            do {
  -                --s;
  -            } while (s >= hostinfo && *s != ':' && *s != ']');
  -            if (s < hostinfo || *s == ']') {
  +            s = memchr(hostinfo, ']', uri - hostinfo);
  +            if (s == NULL) {
  +                return APR_EGENERAL;
  +            }
  +            if (*++s != ':') {
                   s = NULL; /* no port */
               }
           }
  
  
  
  No                   revision
  No                   revision
  1.3.2.2   +5 -0      apr-util/test/testuri.c
  
  Index: testuri.c
  ===================================================================
  RCS file: /home/cvs/apr-util/test/testuri.c,v
  retrieving revision 1.3.2.1
  retrieving revision 1.3.2.2
  diff -d -w -u -r1.3.2.1 -r1.3.2.2
  --- testuri.c 13 Feb 2004 09:52:44 -0000      1.3.2.1
  +++ testuri.c 15 Sep 2004 11:34:24 -0000      1.3.2.2
  @@ -36,6 +36,11 @@
   
   struct aup_test aup_tests[] =
   {
  +    { "http://[/::1]/index.html";, APR_EGENERAL },
  +    { "http://[";, APR_EGENERAL },
  +    { "http://[?::1]/index.html";, APR_EGENERAL },
  +
  +
       {
           "http://127.0.0.1:9999/asdf.html";,
           0, "http", "127.0.0.1:9999", NULL, NULL, "127.0.0.1", "9999", 
"/asdf.html", NULL, NULL, 9999

Reply via email to