SECURITY: CVE-2013-4365 (cve.mitre.org)
Fix possible heap buffer overwrite.
Submitted by: Robert Matthews <rob tigertech.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/mod_fcgid/trunk@1527362 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES-FCGID b/CHANGES-FCGID
index 358d32c..5eaca3d 100644
--- a/CHANGES-FCGID
+++ b/CHANGES-FCGID
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with mod_fcgid 2.3.8
+ *) SECURITY: CVE-2013-4365 (cve.mitre.org)
+ Fix possible heap buffer overwrite. Reported and solved by:
+ [Robert Matthews <rob tigertech.com>]
+
*) Add experimental cmake-based build system for Windows. [Jeff Trawick]
*) Correctly parse quotation and escaped spaces in FcgidWrapper and the
diff --git a/modules/fcgid/fcgid_bucket.c b/modules/fcgid/fcgid_bucket.c
index 7313f29..bbc336d 100644
--- a/modules/fcgid/fcgid_bucket.c
+++ b/modules/fcgid/fcgid_bucket.c
@@ -112,10 +112,12 @@
if (header.type == FCGI_STDERR) {
char *logbuf = apr_bucket_alloc(APR_BUCKET_BUFF_SIZE, b->list);
char *line;
+ apr_size_t hasput;
memset(logbuf, 0, APR_BUCKET_BUFF_SIZE);
hasread = 0;
+ hasput = 0;
while (hasread < bodysize) {
char *buffer;
apr_size_t bufferlen, canput, willput;
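Review bot: The new `hasput` declaration sits next to `hasread` with nothing telling the two counters apart, and confusing them is the defect this commit repairs. I would comment the declaration, e.g. `apr_size_t hasput; /* bytes stored in logbuf; stays <= APR_BUCKET_BUFF_SIZE - 1 */`. A matching comment at `hasread = 0;` would say that it counts bytes consumed from the record body and may exceed the buffer size. The `while` loop opened at the end of this hunk continues outside it.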
@@ -130,9 +132,10 @@
canput = fcgid_min(bufferlen, bodysize - hasread);
willput =
- fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasread - 1);
- memcpy(logbuf + hasread, buffer, willput);
+ fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasput - 1);
+ memcpy(logbuf + hasput, buffer, willput);
hasread += canput;
+ hasput += willput;
/* Ignore the "canput" bytes */
fcgid_ignore_bytes(ctx, canput);
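Review bot: Once `logbuf` is full, `willput` becomes 0 and the rest of the STDERR body is dropped with no trace, so an operator reading the error log cannot tell that application output was cut short. Consider recording it with a new flag right after the `memcpy`, e.g. `if (willput < canput) truncated = 1;`, and emitting one truncation notice where the buffer is logged. That logging code is outside this hunk, so whether it already signals truncation cannot be confirmed from here. A short comment above the `fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasput - 1)` call would also help. It should state that the `- 1` keeps the last byte NUL from the earlier `memset`, and that the unsigned subtraction cannot wrap because `hasput` only grows by `willput`.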