SECURITY: CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing leading spaces.
* modules/dav/main/util.c
(dav_xml_get_cdata): reduce len variable when increasing cdata pointer.
Submitted by: Amin Tora <Amin.Tora neustar.biz>
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1556816 13f79535-47bb-0310-9956-
ffa450edef68
2.4.x patch: trunk works, + CHANGES
+1: covener, druggeri, trawick
- * mod_dav: Fix string length calculation in dav_xml_get_cdata()
- trunk patch: https://svn.apache.org/r1556428
- 2.4.x: trunk patch applies aka `svn merge -c 1556428 ^/httpd/httpd/trunk`
- +1: breser, trawick, covener
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
if (strip_white) {
/* trim leading whitespace */
- while (apr_isspace(*cdata)) /* assume: return false for '\0' */
+ while (apr_isspace(*cdata)) { /* assume: return false for '\0' */
++cdata;
+ --len;
+ }
/* trim trailing whitespace */
while (len-- > 0 && apr_isspace(cdata[len]))
projects / apache / commitdiff