Commit 5e490dde authored by Mark J. Cox

SECURITY: CVE-2006-3747 (cve.mitre.org)

mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling.  For some RewriteRules this could lead to a pointer being
written out of bounds.  Reported by Mark Dowd of McAfee.

Reviewed by: trawick, lars, jorton, wrowe, benl



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@426146 13f79535-47bb-0310-9956-ffa450edef68
parent 37d03a93
+6 −0
Changes with Apache 1.3.37

  *) SECURITY: CVE-2006-3747 (cve.mitre.org)
     mod_rewrite: Fix an off-by-one security problem in the ldap scheme
     handling.  For some RewriteRules this could lead to a pointer being
     written out of bounds.  Reported by Mark Dowd of McAfee.
     [Mark Cox]

Changes with Apache 1.3.36

  *) Reverted SVN rev #396294 due to unwanted regression.
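Review bot: The new 1.3.37 entry says only "For some RewriteRules", which does not let an administrator reading the changelog decide whether their own configuration is affected. Consider naming the kind of rule that reaches the ldap scheme handling, or pointing to advisory text beyond the bare CVE id, so the entry is actionable on its own.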
+1 −1
@@ -2736,7 +2736,7 @@ static char *escape_absolute_uri(ap_pool *p, char *uri, unsigned scheme)
            int c = 0;

            token[0] = cp = ap_pstrdup(p, cp);
            while (*cp && c < 5) {
            while (*cp && c < 4) {
                if (*cp == '?') {
                    token[++c] = cp + 1;
                    *cp = '\0';
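Review bot: The new limit in `while (*cp && c < 4)` is a bare literal that has to stay in step with the size of `token`, whose declaration is outside this hunk. Because the body stores through `token[++c]`, the highest index written is one more than the largest `c` that passes the test: index 5 under the old `c < 5`, index 4 now, so `token` needs at least five elements. If `token` is a fixed-size array, deriving the limit from it, for example `c < (int)(sizeof(token) / sizeof(token[0])) - 1`, or at least adding a comment beside the loop that ties the 4 to the declaration, would keep a later resize from reintroducing the same off-by-one. The commit changes only the changelog and this one line (+6 −0 and +1 −1), so a regression case with a URI carrying more `?` separators than `token` can hold would also be worth adding.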