From: Joe Orton
Date: Mon, 5 Sep 2011 12:59:07 +0000 (+0000)
Subject: * modules/http/byterange_filter.c (ap_byterange_filter): Don't reveal
X-Git-Tag: 2.3.15~296
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=571b03678ecbd9b78f2a0d9f1f8c67880b156426;p=apache
* modules/http/byterange_filter.c (ap_byterange_filter): Don't reveal the pid in the boundary delimiter (part of CVE-2003-1418).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1165268 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/http/byterange_filter.c b/modules/http/byterange_filter.c
index 8972374ff1..de6c729fdf 100644
--- a/modules/http/byterange_filter.c
+++ b/modules/http/byterange_filter.c
@@ -273,7 +273,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f,
 /* Is ap_make_content_type required here? */
 const char *orig_ct = ap_make_content_type(r, r->content_type);
 boundary = apr_psprintf(r->pool, "%" APR_UINT64_T_HEX_FMT "%lx",
- (apr_uint64_t)r->request_time, (long) getpid());
+ (apr_uint64_t)r->request_time, c->id);
 ap_set_content_type(r, apr_pstrcat(r->pool, "multipart",
 use_range_x(r) ? "/x-" : "/",
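Review bot: The new argument `c->id` is passed to `%lx` without the cast the removed line had, so the call is only well-defined if the connection id is declared with `long` width. The declaration of `c` is outside this hunk; writing `(unsigned long)c->id` would keep the format and argument in step regardless of how the field is typed. The delimiter is also still built entirely from server-side state (request time plus connection id), so it stays predictable and may still hint at worker or connection numbering, depending on how the MPM assigns ids. If the goal is only to stop exposing the pid, a short comment above the `apr_psprintf` call, for example `/* boundary must not embed process identifiers (CVE-2003-1418) */`, would keep a later edit from reintroducing it. The body of ap_byterange_filter starts and ends outside the hunk.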