www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Avoid buffer overflow if one protocol string is too long, but at least

Browse Source 
one is not.

Also add log messages numbers and avoid useless string dup.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1345599 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2012-06-02 22:28:26 +00:00
parent ea690c5e6f
commit 41cd334ad6
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/log-message-tags/next-number
View File

@@ -1 +1 @@
2306 2308

5
modules/ssl/ssl_engine_io.c
View File

@@ -1388,9 +1388,8 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
SSL_get0_next_proto_negotiated( SSL_get0_next_proto_negotiated(
inctx->ssl, &next_proto, &next_proto_len); inctx->ssl, &next_proto, &next_proto_len);
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
"SSL NPN negotiated protocol: '%s'", APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'",
apr_pstrmemdup(f->c->pool, (const char*)next_proto, next_proto_len, (const char*)next_proto);
next_proto_len));
modssl_run_npn_proto_negotiated_hook( modssl_run_npn_proto_negotiated_hook(
f->c, (const char*)next_proto, next_proto_len); f->c, (const char*)next_proto, next_proto_len);
inctx->npn_finished = 1; inctx->npn_finished = 1;

4
modules/ssl/ssl_engine_kernel.c
View File

@@ -2189,7 +2189,7 @@ int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
/* If the protocol name is too long (the length must fit in one byte), /* If the protocol name is too long (the length must fit in one byte),
* then log an error and skip it. */ * then log an error and skip it. */
if (length > 255) { if (length > 255) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
"SSL NPN protocol name too long (length=%u): %s", "SSL NPN protocol name too long (length=%u): %s",
length, string); length, string);
continue; continue;
@@ -2213,6 +2213,8 @@ int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
for (i = 0; i < num_protos; ++i) { for (i = 0; i < num_protos; ++i) {
const char *string = APR_ARRAY_IDX(protos, i, const char*); const char *string = APR_ARRAY_IDX(protos, i, const char*);
apr_size_t length = strlen(string); apr_size_t length = strlen(string);
if (length > 255)
continue;
*start = (unsigned char)length; *start = (unsigned char)length;
++start; ++start;
memcpy(start, string, length * sizeof(unsigned char)); memcpy(start, string, length * sizeof(unsigned char));