From b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Thu, 4 Nov 2010 12:10:10 +0000 Subject: [PATCH] SECURITY: CVE-2010-3872 (cve.mitre.org) Fix possible stack buffer overwrite. PR: 49406 Reported and diagnosed by: Edgar Frank git-svn-id: https://svn.apache.org/repos/asf/httpd/mod_fcgid/trunk@1030894 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES-FCGID | 4 ++++ modules/fcgid/fcgid_bucket.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES-FCGID b/CHANGES-FCGID index 06dfde4..90ed060 100644 --- a/CHANGES-FCGID +++ b/CHANGES-FCGID @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with mod_fcgid 2.3.6 + *) SECURITY: CVE-2010-3872 (cve.mitre.org) + Fix possible stack buffer overwrite. Diagnosed by the reporter. + PR 49406. [Edgar Frank ] + *) Change the default for FcgidMaxRequestLen from 1GB to 128K. Administrators should change this to an appropriate value based on site requirements. [Jeff Trawick] diff --git a/modules/fcgid/fcgid_bucket.c b/modules/fcgid/fcgid_bucket.c index 9f3d55d..7313f29 100644 --- a/modules/fcgid/fcgid_bucket.c +++ b/modules/fcgid/fcgid_bucket.c @@ -96,7 +96,7 @@ static apr_status_t fcgid_header_bucket_read(apr_bucket * b, /* Initialize header */ putsize = fcgid_min(bufferlen, sizeof(header) - hasread); - memcpy(&header + hasread, buffer, putsize); + memcpy((apr_byte_t *)&header + hasread, buffer, putsize); hasread += putsize; /* Ignore the bytes that have read */
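Review bot: The `(apr_byte_t *)` cast on the `memcpy` destination in fcgid_header_bucket_read is the entire CVE-2010-3872 fix, yet nothing at the call site says why it is required, so a later tidy-up could drop it and bring the overwrite back. Without the cast, `&header + hasread` is scaled by `sizeof(header)`, so a resumed partial read (non-zero `hasread`) would copy to an address beyond the struct on the stack. I would add a comment above the call such as `/* byte offset into header; plain &header + hasread steps in whole-header units */`. The length `sizeof(header) - hasread` is also only safe while `hasread` never exceeds `sizeof(header)`. The loop condition that presumably enforces this lies outside the hunk, as does the rest of the function, so it is worth confirming.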