Author: glen Date: Tue Feb 7 18:37:38 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache
httpd before 1.3.35-dev
---- Files affected:
SOURCES:
apache1-CVE-2005-3352.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/apache1-CVE-2005-3352.patch
diff -u /dev/null SOURCES/apache1-CVE-2005-3352.patch:1.1
--- /dev/null Tue Feb 7 19:37:38 2006
+++ SOURCES/apache1-CVE-2005-3352.patch Tue Feb 7 19:37:33 2006
@@ -0,0 +1,37 @@
+Index: src/modules/standard/mod_imap.c
+===================================================================
+--- src/modules/standard/mod_imap.c (revision 330526)
++++ src/modules/standard/mod_imap.c (working copy)
+@@ -328,7 +328,7 @@
+ if (!strcasecmp(value, "referer")) {
+ referer = ap_table_get(r->headers_in, "Referer");
+ if (referer && *referer) {
+- return ap_pstrdup(r->pool, referer);
++ return ap_escape_html(r->pool, referer);
+ }
+ else {
+ /* XXX: This used to do *value = '\0'; ... which is totally bogus
+Index: src/main/util.c
+===================================================================
+--- src/main/util.c (revision 330526)
++++ src/main/util.c (working copy)
+@@ -1722,6 +1722,8 @@
+ j += 3;
+ else if (s[i] == '&')
+ j += 4;
++ else if (s[i] == '"')
++ j += 5;
+
+ if (j == 0)
+ return ap_pstrndup(p, s, i);
+@@ -1740,6 +1742,10 @@
+ memcpy(&x[j], "&", 5);
+ j += 4;
+ }
++ else if (s[i] == '"') {
++ memcpy(&x[j], """, 6);
++ j += 5;
++ }
+ else
+ x[j] = s[i];
+
================================================================
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
