Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 105364 Details for
Bug 159941
www-servers/thttpd: potential oob write CVE-2007-0158
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for this issue
thttpd-patch.diff (text/plain), 893 bytes, created by
Tavis Ormandy (RETIRED)
on 2007-01-04 04:10:36 UTC
(
hide
)
Description:
patch for this issue
Filename:
MIME Type:
Creator:
Tavis Ormandy (RETIRED)
Created:
2007-01-04 04:10:36 UTC
Size:
893 bytes
patch
obsolete
>--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000 >+++ thttpd-2.25b/libhttpd.c 2006-12-24 01:43:56.208499592 +0000 >@@ -1469,7 +1469,7 @@ > httpd_realloc_str( &checked, &maxchecked, checkedlen ); > (void) strcpy( checked, path ); > /* Trim trailing slashes. */ >- while ( checked[checkedlen - 1] == '/' ) >+ while ( checkedlen && checked[checkedlen - 1] == '/' ) > { > checked[checkedlen - 1] = '\0'; > --checkedlen; >@@ -1488,7 +1488,7 @@ > restlen = strlen( path ); > httpd_realloc_str( &rest, &maxrest, restlen ); > (void) strcpy( rest, path ); >- if ( rest[restlen - 1] == '/' ) >+ if ( restlen && rest[restlen - 1] == '/' ) > rest[--restlen] = '\0'; /* trim trailing slash */ > if ( ! tildemapped ) > /* Remove any leading slashes. */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=105364">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 159941
: 105364
