summaryrefslogtreecommitdiffstats
path: root/www/apache22
diff options
context:
space:
mode:
authorclement <clement@FreeBSD.org>2005-12-12 20:55:14 +0000
committerclement <clement@FreeBSD.org>2005-12-12 20:55:14 +0000
commit47f4669c1139f579bdb9d2660eb394ac133ba393 (patch)
tree7a929cc0886cd44b5b75afa371ece649e6dd71ab /www/apache22
parent7355e91db607ce2e98c91ae029e29a718f5769af (diff)
downloadFreeBSD-ports-47f4669c1139f579bdb9d2660eb394ac133ba393.zip
FreeBSD-ports-47f4669c1139f579bdb9d2660eb394ac133ba393.tar.gz
SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox] Reported by: simon
Diffstat (limited to 'www/apache22')
-rw-r--r--www/apache22/Makefile2
-rw-r--r--www/apache22/files/patch-secfix-CAN-2005-335235
2 files changed, 36 insertions, 1 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 4398b55..22ffd4b 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -9,7 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.2.0
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
${MASTER_SITE_LOCAL:S/%SUBDIR%/clement/}:powerlogo
diff --git a/www/apache22/files/patch-secfix-CAN-2005-3352 b/www/apache22/files/patch-secfix-CAN-2005-3352
new file mode 100644
index 0000000..cc97428
--- /dev/null
+++ b/www/apache22/files/patch-secfix-CAN-2005-3352
@@ -0,0 +1,35 @@
+--- modules/mappers/mod_imagemap.c (original)
++++ modules/mappers/mod_imagemap.c Mon Dec 12 09:27:59 2005
+@@ -342,7 +342,7 @@
+ if (!strcasecmp(value, "referer")) {
+ referer = apr_table_get(r->headers_in, "Referer");
+ if (referer && *referer) {
+- return apr_pstrdup(r->pool, referer);
++ return apr_escape_html(r->pool, referer);
+ }
+ else {
+ /* XXX: This used to do *value = '\0'; ... which is totally bogus
+
+--- server/util.c (original)
++++ server/util.c Mon Dec 12 09:27:59 2005
+@@ -1748,6 +1748,8 @@
+ j += 3;
+ else if (s[i] == '&')
+ j += 4;
++ else if (s[i] == '"')
++ j += 5;
+
+ if (j == 0)
+ return apr_pstrmemdup(p, s, i);
+@@ -1765,6 +1767,10 @@
+ else if (s[i] == '&') {
+ memcpy(&x[j], "&amp;", 5);
+ j += 4;
++ }
++ else if (s[i] == '"') {
++ memcpy(&x[j], "&quot;", 6);
++ j += 5;
+ }
+ else
+ x[j] = s[i];
+
OpenPOWER on IntegriCloud