Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 39362 Details for
Bug 63605
Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
The patch to fix the vulnerability
ssl_engine_io.c.patch (text/plain), 930 bytes, created by
Tom Lynema
on 2004-09-10 16:35:46 UTC
(
hide
)
Description:
The patch to fix the vulnerability
Filename:
MIME Type:
Creator:
Tom Lynema
Created:
2004-09-10 16:35:46 UTC
Size:
930 bytes
patch
obsolete
>=================================================================== >RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v >retrieving revision 1.125 >retrieving revision 1.126 >diff -u -r1.125 -r1.126 >--- httpd-2.0/modules/ssl/ssl_engine_io.c 2004/08/11 13:19:24 1.125 >+++ httpd-2.0/modules/ssl/ssl_engine_io.c 2004/08/17 16:31:23 1.126 >@@ -564,8 +564,12 @@ > *len = bytes; > if (inctx->mode == AP_MODE_SPECULATIVE) { > /* We want to rollback this read. */ >- inctx->cbuf.value -= bytes; >- inctx->cbuf.length += bytes; >+ if (inctx->cbuf.length > 0) { >+ inctx->cbuf.value -= bytes; >+ inctx->cbuf.length += bytes; >+ } else { >+ char_buffer_write(&inctx->cbuf, buf, (int)bytes); >+ } > return APR_SUCCESS; > } > /* This could probably be *len == wanted, but be safe from stray
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 63605
: 39362