* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix

author Joe Orton <jorton@apache.org>

Fri, 3 Jun 2005 12:54:53 +0000 (12:54 +0000)

committer Joe Orton <jorton@apache.org>

Fri, 3 Jun 2005 12:54:53 +0000 (12:54 +0000)
author Joe Orton <jorton@apache.org>
Fri, 3 Jun 2005 12:54:53 +0000 (12:54 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 3 Jun 2005 12:54:53 +0000 (12:54 +0000)
diff --git a/CHANGES b/CHANGES

index f7631d8d04fe3726f934208e831f9d6b95eedeb3..8eda3ce82d34d69c2a992ff5da3295851ba2097a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@ Changes with Apache 2.1.5
  
    [Remove entries to the current 2.0 section below, when backported]
  
+  *) SECURITY: CAN-2005-1268 (cve.mitre.org)
+     mod_ssl: Fix possible crash on printing CRL details when
+     debugging is enabled, if configured to use a CRL from
+     a malicious source.  PR 35081.  [Marc Stern <mstern csc.com>]
+
    *) proxy FTP: Fix confusion about globbing characters which could lead
       to getting a directory listing when a file was requested.  PR 34512.
       [Sean <infamous41md hotmail.com>]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c

index e2756dcfd0be5111b82b4a7a4694c263c0121ff1..03b1e88ce9e0199e8120495cbbbed26635b08862 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1408,7 +1408,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
              BIO_printf(bio, ", nextUpdate: ");
              ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
  
-            n = BIO_read(bio, buff, sizeof(buff));
+            n = BIO_read(bio, buff, sizeof(buff) - 1);
              buff[n] = '\0';
  
              BIO_free(bio);
author	Joe Orton <jorton@apache.org>
	Fri, 3 Jun 2005 12:54:53 +0000 (12:54 +0000)
committer	Joe Orton <jorton@apache.org>
	Fri, 3 Jun 2005 12:54:53 +0000 (12:54 +0000)
CHANGES		patch \| blob \| history
modules/ssl/ssl_engine_kernel.c		patch \| blob \| history