Patch buffer overflow described in

<URL:http://www.apache-ssl.org/advisory-20020301.txt>.

1 files changed, 27 insertions, 0 deletions

diff --git a/www/apache13-ssl/files/patch-src::modules::ssl::apache_ssl.c b/www/apache13-ssl/files/patch-src::modules::ssl::apache_ssl.c
new file mode 100644
index 000000000000..6ed9f3ad0dd9
--- /dev/null
+++ b/www/apache13-ssl/files/patch-src::modules::ssl::apache_ssl.c
@@ -0,0 +1,27 @@
+--- src/modules/ssl/apache_ssl.c	Wed Dec  5 08:24:16 2001
++++ src/modules/ssl/apache_ssl.c	Mon Mar  4 04:17:11 2002
+@@ -1254,7 +1254,6 @@
+ static void SendSessionToServer(SSL_SESSION *pSession,
+ 				conn_rec *pCurrentConnection)
+     {
+-    uchar buf[MAX_SESSION_DER];
+     Cache *p;
+     uchar *t;
+     int nLength;
+@@ -1273,13 +1272,13 @@
+     memcpy(t,pSession->session_id,pSession->session_id_length);
+     p=LocalCacheAdd(t,pSession->session_id_length,tExpiresAt);
+ 
+-    t=buf;
+-    nLength=i2d_SSL_SESSION(pSession,&t);
++    nLength=i2d_SSL_SESSION(pSession,NULL);
+     assert(nLength > 0);
+     assert(nLength <= MAX_SESSION_DER);
+ 
+     p->aucData=malloc(nLength);
+-    memcpy(p->aucData,buf,nLength);
++    t=p->aucData;
++    nLength=i2d_SSL_SESSION(pSession,&t);
+     p->nData=nLength;
+ 
+     GlobalCacheAdd(p->aucKey,p->nKey,p->aucData,p->nData,tExpiresAt);