diff options
| author |   henning <henning@openbsd.org> | 2002-10-28 17:36:54 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2002-10-28 17:36:54 +0000 |
| commit | bfe26256efa4755c2a187018ac6aa1149c14d688 (patch) | |
| tree | 24bf24b9e3bd1dc0296706a9b504c66799c7be5f | |
| parent | fix typo: regulary -> regularly; from Margarida Sequeira <niness@devilness.org> (diff) | |
| download | wireguard-openbsd-bfe26256efa4755c2a187018ac6aa1149c14d688.tar.xz wireguard-openbsd-bfe26256efa4755c2a187018ac6aa1149c14d688.zip | |
merge mod-ssl 2.8.12
fixes a cross site scripting bug
fixes 2 off-by-ones
| -rw-r--r-- | usr.sbin/httpd/src/CHANGES.SSL | 6 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/libssl.version | 2 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c | 4 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c | 3 |
4 files changed, 11 insertions, 4 deletions
diff --git a/usr.sbin/httpd/src/CHANGES.SSL b/usr.sbin/httpd/src/CHANGES.SSL index 914307cc0ff..322e2e284d0 100644 --- a/usr.sbin/httpd/src/CHANGES.SSL +++ b/usr.sbin/httpd/src/CHANGES.SSL @@ -23,6 +23,12 @@ / __/ | (_) | __ |_____(_)___/ ___________________________________________ + Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002) + + *) Fixed potential Cross-Site-Scripting bug. + + *) Allow also 8192 bytes of shared memory data size. + Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002) *) Upgraded to Apache 1.3.27. diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.version b/usr.sbin/httpd/src/modules/ssl/libssl.version index 467d83487ef..5274d4d79e2 100644 --- a/usr.sbin/httpd/src/modules/ssl/libssl.version +++ b/usr.sbin/httpd/src/modules/ssl/libssl.version @@ -1 +1 @@ -mod_ssl/2.8.11-1.3.27 +mod_ssl/2.8.12-1.3.27 diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c index 5fd4d6be7b9..94b5d15e397 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c @@ -756,7 +756,7 @@ const char *ssl_cmd_SSLSessionCache( return "SSLSessionCache: Invalid argument: no closing parenthesis"; *cp2 = NUL; mc->nSessionCacheDataSize = atoi(cp); - if (mc->nSessionCacheDataSize <= 8192) + if (mc->nSessionCacheDataSize < 8192) return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes"; maxsize = ap_mm_core_maxsegsize(); if (mc->nSessionCacheDataSize >= maxsize) @@ -778,7 +778,7 @@ const char *ssl_cmd_SSLSessionCache( return "SSLSessionCache: Invalid argument: no closing parenthesis"; *cp2 = NUL; mc->nSessionCacheDataSize = atoi(cp); - if (mc->nSessionCacheDataSize <= 8192) + if (mc->nSessionCacheDataSize < 8192) return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes"; maxsize = ap_mm_core_maxsegsize(); if (mc->nSessionCacheDataSize >= maxsize) diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c index 9613da5d752..c83510f76a3 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c @@ -622,7 +622,8 @@ int ssl_hook_Handler(request_rec *r) if (!ap_is_default_port(port, r)) thisport = ap_psprintf(r->pool, ":%u", port); thisurl = ap_psprintf(r->pool, "https://%s%s/", - ap_get_server_name(r), thisport); + ap_escape_html(r->pool, ap_get_server_name(r)), + thisport); ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool, "Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>\n" |