Commit fix for CVE-2010-0010, an integer overflow on platforms where (a5eab2dc) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

src/CHANGES

+5 −0

Original line number	Diff line number	Diff line
		Changes with Apache 1.3.42

		*) SECURITY: CVE-2010-0010 (cve.mitre.org)
		mod_proxy: Prevent chunk-size integer overflow on platforms
		where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
		[Colm MacCárthaigh]

		*) IMPORTANT: This is the final release of Apache httpd 1.3.
		Apache httpd 1.3 has reached end of life, as of January 2010.
		No further releases of this software will be made, although critical

+2 −2

Original line number	Diff line number	Diff line
		@@ -737,7 +737,7 @@ API_EXPORT(int) ap_bread(BUFF fb, void buf, int nbyte)
		{
		int i, nrd;

		if (fb->flags & B_RDERR)
		if (fb->flags & B_RDERR \|\| nbyte < 0)
		return -1;
		if (nbyte == 0)
		return 0;
		@@ -1258,7 +1258,7 @@ API_EXPORT(int) ap_bwrite(BUFF fb, const void buf, int nbyte)
		static int csize = 0;
		#endif /CHARSET_EBCDIC/

		if (fb->flags & (B_WRERR \| B_EOUT))
		if (fb->flags & (B_WRERR \| B_EOUT) \|\| nbyte < 0)
		return -1;
		if (nbyte == 0)
		return 0;

+3 −3

Original line number	Diff line number	Diff line
		@@ -507,7 +507,7 @@ long int ap_proxy_send_fb(BUFF f, request_rec r, cache_req *c, off_t len, int

		/* read the chunk */
		if (remaining > 0) {
		n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining));
		n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
		if (n > -1) {
		remaining -= n;
		end_of_chunk = (remaining == 0);
		@@ -548,8 +548,8 @@ long int ap_proxy_send_fb(BUFF f, request_rec r, cache_req *c, off_t len, int
		n = ap_bread(f, buf, buf_size);
		}
		else {
		n = ap_bread(f, buf, MIN((int)buf_size,
		(int)(len - total_bytes_rcvd)));
		n = ap_bread(f, buf, (int) MIN(buf_size,
		(len - total_bytes_rcvd)));
		}
		}