[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
On Sun, Jun 23, 2002 at 12:46:04PM +0200, Jedi/Sector One wrote:
> On Sun, Jun 23, 2002 at 04:42:08AM -0600, Federico G. Schwindt wrote:
> > Diff applied, although only the sizeof(caCMD) - 1.
> > Thanks.
> This off-by-one is the real vulnerability, but why don't you fix the space
> trimming as well?
> In the current Apache parser, spaces are already trimmed when the redirect
> hooks are called,so the first part of ssl_compat_directive() is useless. By
> chance. Either assume that spaces are always trimmed and remove this part,
> or check the buffer size. In the current state, we have both useless and
> insecure code.
I see no real problem here. Returning NULL would mean this is a comment
while it's not the case. This may be a real oversized or wrong directive.
Assuming that it's a comment becuase its lenght exceed 1023 bytes is
wrong in my opinion, and not what the code intended in first place.