head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.54 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.52 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.50 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.48 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.46 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.44 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.42 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.40 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.38 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.36 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.34 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.32 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.30 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.28 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.26 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.24 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.22 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2; locks; strict; comment @# @; 1.2 date 2003.11.02.09.35.12; author cube; state dead; branches; next 1.1; 1.1 date 2003.10.29.10.45.26; author cube; state Exp; branches; next ; desc @@ 1.2 log @Update apache6 to 1.3.29 + ipv6 patch. Major changes since 1.3.28: Security vulnerabilities * CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. Bugs fixed The following noteworthy bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29: * Within ap_bclose(), ap_pclosesocket() is now called * consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistenly to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. * Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. * Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap. @ text @$NetBSD: patch-ao,v 1.1 2003/10/29 10:45:26 cube Exp $ --- src/modules/standard/mod_rewrite.c.orig 2003-10-29 09:25:17.000000000 +0100 +++ src/modules/standard/mod_rewrite.c @@@@ -1834,7 +1834,7 @@@@ static int apply_rewrite_rule(request_re const char *vary; char newuri[MAX_STRING_LEN]; regex_t *regexp; - regmatch_t regmatch[MAX_NMATCH]; + regmatch_t regmatch[AP_MAX_REG_MATCH]; backrefinfo *briRR = NULL; backrefinfo *briRC = NULL; int prefixstrip; @@@@ -1891,7 +1891,7 @@@@ static int apply_rewrite_rule(request_re rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'", perdir, p->pattern, uri); } - rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0); + rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0); if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) || (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) { return 0; @@@@ -2179,7 +2179,7 @@@@ static int apply_rewrite_cond(request_re char input[MAX_STRING_LEN]; struct stat sb; request_rec *rsub; - regmatch_t regmatch[MAX_NMATCH]; + regmatch_t regmatch[AP_MAX_REG_MATCH]; int rc; /* @@@@ -2283,8 +2283,7 @@@@ static int apply_rewrite_cond(request_re } else { /* it is really a regexp pattern, so apply it */ - rc = (ap_regexec(p->regexp, input, - p->regexp->re_nsub+1, regmatch,0) == 0); + rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0); /* if it isn't a negated pattern and really matched we update the passed-through regex subst info structure */ @@@@ -2442,7 +2441,7 @@@@ static void do_expand(request_rec *r, ch bri = briRC; } /* see ap_pregsub() in src/main/util.c */ - if (bri && n <= bri->nsub && + if (bri && n < AP_MAX_REG_MATCH && bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) { span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so; if (span > space) { @ 1.1 log @Import security fix from 1.3.29 distribution for a buffer overflow in mod_rewrite and mod_alias, referenced CAN-2003-0542. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @