SECURITY: CVE-2007-3847 (cve.mitre.org) (7f069d40) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

src/CHANGES

+7 −0

Original line number	Diff line number	Diff line
		Changes with Apache 1.3.40

		*) SECURITY: CVE-2007-3847 (cve.mitre.org)
		mod_proxy: Prevent reading past the end of a buffer when parsing
		date-related headers. PR 41144.
		With Apache 1.3, the denial of service vulnerability applies only
		to the Windows and NetWare platforms.
		[Jeff Trawick]

		*) More efficient implementation of the CVE-2007-3304 PID table
		patch. This fixes issues with excessive memory usage by the
		parent process if long-running and with a high number of child

+5 −3

Original line number	Diff line number	Diff line
		@@ -282,7 +282,8 @@ const char *
		*q = ',';
		if (wk == 7)
		return x; /* not a valid date */
		if (q[4] != '-' \|\| q[8] != '-' \|\| q[11] != ' ' \|\| q[14] != ':' \|\|
		if (strlen(q) != 24 \|\|
		q[4] != '-' \|\| q[8] != '-' \|\| q[11] != ' ' \|\| q[14] != ':' \|\|
		q[17] != ':' \|\| strcmp(&q[20], " GMT") != 0)
		return x;
		if (sscanf(q + 2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year,
		@@ -294,8 +295,9 @@ const char *
		year += 1900;
		}
		else {
		/* check for acstime() date */
		if (x[3] != ' ' \|\| x[7] != ' ' \|\| x[10] != ' ' \|\| x[13] != ':' \|\|
		/* check for asctime() date */
		if (strlen(x) != 24 \|\|
		x[3] != ' ' \|\| x[7] != ' ' \|\| x[10] != ' ' \|\| x[13] != ':' \|\|
		x[16] != ':' \|\| x[19] != ' ' \|\| x[24] != '\0')
		return x;
		if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour,