[25831] in bugtraq
Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Jun 17 20:11:24 2002
To: <valcu.gheorghe@caatoosee.ro>
Cc: <bugtraq@securityfocus.com>, "X-Force" <xforce@iss.net>
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Mon, 17 Jun 2002 20:57:50 +0200
In-Reply-To: <013001c21627$82b48740$dc9766c2@caatoosee.ro> (<valcu.gheorghe@caatoosee.ro>'s
message of "Mon, 17 Jun 2002 20:50:47 +0300")
Message-ID: <87k7oxybpt.fsf@CERT.Uni-Stuttgart.DE>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
<valcu.gheorghe@caatoosee.ro> writes:
> The patch that mentioned casting bufsiz from an int to an unsigned int
> failed to do a few things:
>
> 1) There are 2 instances of the same code in http_protocol.c that need
> to be fixed, as both suffer from the same problem
> 2) The cast to unsigned int was only done in comparison, and was not
> done in assignment, which could possibly lead to problems down the road
> with the int value?
3) Casting to unsigned int does not help that much if the variable in
question is a long.
The Apache CVS repository now seems contain a correct patch.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
