Security: fix a buffer overrun in ssl_callback_SSLVerify_CRL()

Reported by:	thierry

2 files changed, 12 insertions, 0 deletions

diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 0873160a4f3a..1d81c75dde42 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,6 +9,7 @@
 
 PORTNAME=	apache
 PORTVERSION=	2.0.54
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD} \
 		${MASTER_SITE_LOCAL:S/%SUBDIR%/clement/}:powerlogo
diff --git a/www/apache20/files/patch-secfix-ssl_engine_kernel.c b/www/apache20/files/patch-secfix-ssl_engine_kernel.c
new file mode 100644
index 000000000000..3b8be849954b
--- /dev/null
+++ b/www/apache20/files/patch-secfix-ssl_engine_kernel.c
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_engine_kernel.c	2005/06/08 09:00:24	189561
++++ modules/ssl/ssl_engine_kernel.c	2005/06/08 09:08:09	189562
+@@ -1398,7 +1398,7 @@
+             BIO_printf(bio, ", nextUpdate: ");
+             ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
+ 
+-            n = BIO_read(bio, buff, sizeof(buff));
++            n = BIO_read(bio, buff, sizeof(buff) - 1);
+             buff[n] = '\0';
+ 
+             BIO_free(bio);