Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1:kernel-2.6.32
apache2
httpd-2.2.x-CVE-2009-3094.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File httpd-2.2.x-CVE-2009-3094.patch of Package apache2
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c 2009/09/14 20:52:15 814846 +++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c 2009/09/14 20:53:28 814847 @@ -912,6 +912,11 @@ if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0 && (password = ap_pbase64decode(r->pool, password))[0] != ':') { + /* Check the decoded string for special characters. */ + if (!ftp_check_string(password)) { + return ap_proxyerror(r, HTTP_BAD_REQUEST, + "user credentials contained invalid character"); + } /* * Note that this allocation has to be made from r->connection->pool * because it has the lifetime of the connection. The other
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor