Commit 17ba5ca0 authored Jun 08, 2005 by Joe Orton

Merge r179781 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix
off-by-one.

PR: 35081
Submitted by: Marc Stern <mstern csc.com>
Reviewed by: jorton, trawick, pquerna


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@189562 13f79535-47bb-0310-9956-ffa450edef68

parent 2176bab0

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		Changes with Apache 2.0.55

		*) SECURITY: CAN-2005-1268 (cve.mitre.org)
		mod_ssl: Fix off-by-one overflow whilst printing CRL information
		at "LogLevel debug" which could be triggered if configured
		to use a "malicious" CRL. PR 35081. [Marc Stern <mstern csc.com>]

		*) mod_userdir: Fix possible memory corruption issue. PR 34588.
		[David Leonard <dleonard vintela.com>]

STATUS

+0 −5

Original line number	Diff line number	Diff line
		@@ -268,11 +268,6 @@ PATCHES TO BACKPORT FROM TRUNK:
		http://svn.apache.org/viewcvs?rev=179622&view=rev
		+1: trawick

		*) mod_ssl: Fix off-by-one, CVE CAN-2005-1268.
		PR: 35081
		http://svn.apache.org/viewcvs?rev=179781&view=rev
		+1: jorton, trawick, pquerna

		) mod_cache: Fix handling of 'Vary: ". PR 16125.
		Trunk: r180341
		2.0.x Patch: http://issues.apache.org/bugzilla/attachment.cgi?id=15297

modules/ssl/ssl_engine_kernel.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1398,7 +1398,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX ctx, conn_rec c)
		BIO_printf(bio, ", nextUpdate: ");
		ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));

		n = BIO_read(bio, buff, sizeof(buff));
		n = BIO_read(bio, buff, sizeof(buff) - 1);
		buff[n] = '\0';

		BIO_free(bio);