On Wed, Nov 23, 2005 at 10:31:21PM +0200, BY wrote:
> I have checked and searched lists to find any information about
> CAN-2004-0700 affecting or not default apache on 3.8, I am sure that the
> version is fully modified and is not affected by subject CAN. But I
> need a proof of concept on that. Maybe a cvs link could help. Any ideas?
> thnx

This is a funny one. Diff mod_ssl 2.8.18 and 2.8.19 and you'll get the
fix for the format string bug (inline at the end of this email). Look at
src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c and you'll see we
have this fix. Look at the cvs log for revision 1.10 of that file, and
you'll see this:

revision 1.10
date: 2003/06/01 15:53:41; author: deraadt; state: Exp; lines: +1 -1
various format string cleanups; tedu ok

Note the date; fixed in OpenBSD over a year before the mod_ssl people
fixed it.

[http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749&w=2]

diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/libssl.version ./libssl.version @@ -1 +1 @@ -mod_ssl/2.8.18-1.3.31 +mod_ssl/2.8.19-1.3.31 diff -u mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c ./ssl_engine_ext.c --- mod_ssl-2.8.18-1.3.31/pkg.sslmod/ssl_engine_ext.c Tue May 11 19:39:40 2004 +++ ./ssl_engine_ext.c Fri Jul 16 08:57:33 2004 @@ -524,7 +524,7 @@ #endif errmsg = ap_psprintf(r->pool, "SSL proxy connect failed (%s): peer %s: %s", cpVHostID, peer, ERR_reason_error_string(ERR_get_error())); - ssl_log(r->server, SSL_LOG_ERROR, errmsg); + ssl_log(r->server, SSL_LOG_ERROR, "%s", errmsg); SSL_free(ssl); ap_ctx_set(fb->ctx, "ssl", NULL); return errmsg;
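
Review bot: The fix in the @@ -524,7 +524,7 @@ hunk of ssl_engine_ext.c covers only this one ssl_log() call, and nothing here prevents the same mistake at other call sites. errmsg is assembled by ap_psprintf() from cpVHostID, peer and the OpenSSL reason string, so any '%' that reaches it through those values was previously interpreted as a conversion by ssl_log(); passing it as the argument to a literal "%s" is the right change. I would also check the rest of the module for ssl_log() calls whose format argument is not a string literal, and, where the compiler supports it, declare ssl_log() with a printf-style format attribute so a non-literal format is flagged at build time.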

