diff options
Diffstat (limited to 'www/apache22/patches/patch-CVE-2012-0021')
| -rw-r--r-- | www/apache22/patches/patch-CVE-2012-0021 | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/www/apache22/patches/patch-CVE-2012-0021 b/www/apache22/patches/patch-CVE-2012-0021 deleted file mode 100644 index 80d11463546..00000000000 --- a/www/apache22/patches/patch-CVE-2012-0021 +++ /dev/null @@ -1,42 +0,0 @@ -$NetBSD: patch-CVE-2012-0021,v 1.1 2012/01/29 12:29:08 tron Exp $ - -Fix security vulnerability reported in CVE-2012-0021. Patch taken from -Apache SVN repository: - -http://svn.apache.org/viewvc?view=revision&revision=1227292 - ---- modules/loggers/mod_log_config.c.orig 2010-08-24 07:41:38.000000000 +0100 -+++ modules/loggers/mod_log_config.c 2012-01-29 12:08:13.000000000 +0000 -@@ -524,19 +524,21 @@ - - while ((cookie = apr_strtok(cookies, ";", &last1))) { - char *name = apr_strtok(cookie, "=", &last2); -- char *value; -- apr_collapse_spaces(name, name); -+ if (name) { -+ char *value; -+ apr_collapse_spaces(name, name); -+ -+ if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { -+ char *last; -+ value += strspn(value, " \t"); /* Move past leading WS */ -+ last = value + strlen(value) - 1; -+ while (last >= value && apr_isspace(*last)) { -+ *last = '\0'; -+ --last; -+ } - -- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { -- char *last; -- value += strspn(value, " \t"); /* Move past leading WS */ -- last = value + strlen(value) - 1; -- while (last >= value && apr_isspace(*last)) { -- *last = '\0'; -- --last; -+ return ap_escape_logitem(r->pool, value); - } -- -- return ap_escape_logitem(r->pool, value); - } - cookies = NULL; - } |