6 changes: 6 additions & 0 deletions CHANGES
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1

*) mod_sed: Fix an out-of-bounds read in the "y" (transliterate) command
compiler when the replacement string is shorter than the source
string. The parser now rejects the mismatched command instead of
reading past the end of the script line buffer.
[Ankit Prateek (OffByQuant) <ankit offbyquant.com>]

*) mod_proxy_beacon: Back-end reverse proxy servers can announce
themselves and be auto-added to their front-end proxy balancer.
[Jim Jagielski]
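Review bot: the new mod_sed entry carries no bug or PR reference and does not name the error the administrator will now see. If a tracking id exists, add it before the attribution line. It would also help to say that a "y" command whose replacement string is shorter than the source string now fails to compile with the size-mismatch error, so a reader can match this entry to the message in their logs.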
6 changes: 6 additions & 0 deletions modules/filters/sed0.c
Expand Up @@ -960,7 +960,13 @@ static char *ycomp(sed_commands_t *commands, char *expbuf)
tsp++;
}
if(ep[cint] == commands->sseof || ep[cint] == '\0') {
/* Destination string is shorter than the source string: the byte
* just read is the closing delimiter or the NUL terminator, not a
* real replacement character. Report the size mismatch and stop
* now -- continuing would walk tsp past the end of the line buffer
* (out-of-bounds read of linebuf). */
command_errf(commands, SEDERR_TSNTSS, commands->linebuf);
return NULL;
}
}
if(*tsp != commands->sseof) {
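Review bot: the `return NULL;` in the `ep[cint] == commands->sseof || ep[cint] == '\0'` branch only helps if every caller of ycomp treats NULL as a compile failure, and no call site is part of this patch; please confirm that, or include the call site in the change. The patch also touches only CHANGES and sed0.c, so nothing exercises the new path: a regression test that compiles a "y" command with a replacement string shorter than the source string and expects SEDERR_TSNTSS would keep this from regressing. Minor: the five-line comment could be cut to the first sentence plus "stop before tsp runs past linebuf".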