author | clement <clement@FreeBSD.org> | 2004-05-28 23:27:02 +0800 |
---|---|---|
committer | clement <clement@FreeBSD.org> | 2004-05-28 23:27:02 +0800 |
commit | 3f6e6a05bc497128987ce4d55075c5b70e895799 (patch) | |
tree | 83586a3b6a107346ab8982755120533d1acb03d1 /www/apache20 | |
parent | 5846daf34ef21b73769083a377ce96fd44842870 (diff) | |
- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/
Reported by: Charles-Damien Orbello <tazma@cultdeadsheep.org>
Diffstat (limited to 'www/apache20')
-rw-r--r-- | www/apache20/Makefile | 1 | ||||
-rw-r--r-- | www/apache20/files/patch-modules:ssl:ssl_engine_kernel.c | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/www/apache20/Makefile b/www/apache20/Makefile
index 2079423cef20..037c0464c3b1 100644
--- a/www/apache20/Makefile
+++ b/www/apache20/Makefile
@@ -9,6 +9,7 @@
 PORTNAME= apache
 PORTVERSION= 2.0.49
+PORTREVISION= 1
 CATEGORIES= www ipv6
 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
 http://sheepkiller.nerim.net/ports/${PORTNAME}/:powerlogo
diff --git a/www/apache20/files/patch-modules:ssl:ssl_engine_kernel.c b/www/apache20/files/patch-modules:ssl:ssl_engine_kernel.c
new file mode 100644
index 000000000000..571d465c4767
--- /dev/null
+++ b/www/apache20/files/patch-modules:ssl:ssl_engine_kernel.c
@@ -0,0 +1,39 @@
+===================================================================
+RCS file: /home/cvspublic/modules/ssl/ssl_engine_kernel.c,v
+retrieving revision 1.105
+retrieving revision 1.106
+diff -u -r1.105 -r1.106
+--- modules/ssl/ssl_engine_kernel.c 2004/03/05 02:44:40 1.105
++++ modules/ssl/ssl_engine_kernel.c 2004/05/25 12:09:01 1.106
+@@ -807,7 +807,6 @@
+ SSLConnRec *sslconn = myConnConfig(r->connection);
+ SSLSrvConfigRec *sc = mySrvConfig(r->server);
+ SSLDirConfigRec *dc = myDirConfig(r);
+- char buf1[MAX_STRING_LEN], buf2[MAX_STRING_LEN];
+ char *clientdn;
+ const char *auth_line, *username, *password;
+
+@@ -886,14 +885,16 @@
+ * adding the string "xxj31ZMTZzkVA" as the password in the user file.
+ * This is just the crypted variant of the word "password" ;-)
+ */
+- apr_snprintf(buf1, sizeof(buf1), "%s:password", clientdn);
+- ssl_util_uuencode(buf2, buf1, FALSE);
+-
+- apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
+- apr_table_set(r->headers_in, "Authorization", buf1);
++ auth_line = apr_pstrcat(r->pool, "Basic ",
++ ap_pbase64encode(r->pool,
++ apr_pstrcat(r->pool, clientdn,
++ ":password", NULL)),
++ NULL);
++ apr_table_set(r->headers_in, "Authorization", auth_line);
+
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+- "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
++ "Faking HTTP Basic Auth header: \"Authorization: %s\"",
++ auth_line);
+
+ return DECLINED;
+ }
+
|
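Review bot: The new `apr_pstrcat(r->pool, clientdn, ":password", NULL)` in the second inner hunk (-886,14 +885,16) still builds the faked Basic credential from the client's subject DN without checking it for a ':' character. Basic authentication splits user name and password at the first colon, so a DN containing one would be decoded downstream as a different user/password pair than the one mod_ssl intended. A guard before the header is built, such as `if (ap_strchr_c(clientdn, ':')) return HTTP_FORBIDDEN;` with an error-level log line, would close that gap. Separately, the retained `ap_log_error` call writes the complete faked Authorization value at INFO level; logging only the DN would keep the credential-equivalent string out of the server log. ssl_hook_UserCheck begins and ends outside both hunks, so an earlier check on clientdn may exist that is not visible here.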