Skip to content

Commit b1afa70

Browse files
committed
SECURITY: CVE-2010-3872 (cve.mitre.org)
Fix possible stack buffer overwrite. PR: 49406 Reported and diagnosed by: Edgar Frank <ef-lists email.de> git-svn-id: https://svn.apache.org/repos/asf/httpd/mod_fcgid/trunk@1030894 13f79535-47bb-0310-9956-ffa450edef68
1 parent ed89a6f commit b1afa70

File tree

2 files changed

+5
-1
lines changed

2 files changed

+5
-1
lines changed

Diff for: CHANGES-FCGID

+4
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,10 @@
11
-*- coding: utf-8 -*-
22
Changes with mod_fcgid 2.3.6
33

4+
*) SECURITY: CVE-2010-3872 (cve.mitre.org)
5+
Fix possible stack buffer overwrite. Diagnosed by the reporter.
6+
PR 49406. [Edgar Frank <ef-lists email.de>]
7+
48
*) Change the default for FcgidMaxRequestLen from 1GB to 128K.
59
Administrators should change this to an appropriate value based on
610
site requirements. [Jeff Trawick]

Diff for: modules/fcgid/fcgid_bucket.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ static apr_status_t fcgid_header_bucket_read(apr_bucket * b,
9696

9797
/* Initialize header */
9898
putsize = fcgid_min(bufferlen, sizeof(header) - hasread);
99-
memcpy(&header + hasread, buffer, putsize);
99+
memcpy((apr_byte_t *)&header + hasread, buffer, putsize);
100100
hasread += putsize;
101101

102102
/* Ignore the bytes that have read */

0 commit comments

Comments
 (0)