]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: be6ef33)
SECURITY: CVE-2013-6438 (cve.mitre.org)
authorBen Reser <breser@apache.org>
Wed, 8 Jan 2014 02:40:38 +0000 (02:40 +0000)
committerBen Reser <breser@apache.org>
Wed, 8 Jan 2014 02:40:38 +0000 (02:40 +0000)
mod_dav: Keep track of length of cdata properly when removing leading spaces.

* modules/dav/main/util.c
  (dav_xml_get_cdata): reduce len variable when increasing cdata pointer.

Submitted by: Amin Tora <Amin.Tora neustar.biz>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1556428 13f79535-47bb-0310-9956-ffa450edef68

modules/dav/main/util.c patch | blob | history

diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
index 1f393401b2a6e72e966f80baf8a15d982716825e..4e85a04f067b2b96850ddb3ecab58e74de7d06a4 100644 (file)
--- a/modules/dav/main/util.c
+++ b/modules/dav/main/util.c
@@ -396,8 +396,10 @@ DAV_DECLARE(const char *) dav_xml_get_cdata(const apr_xml_elem *elem, apr_pool_t
 
     if (strip_white) {
         /* trim leading whitespace */
-        while (apr_isspace(*cdata))     /* assume: return false for '\0' */
+        while (apr_isspace(*cdata))     /* assume: return false for '\0' */
             ++cdata;
+            --len;
+        }
 
         /* trim trailing whitespace */
         while (len-- > 0 && apr_isspace(cdata[len]))
Unnamed repository; edit this file 'description' to name the repository.