From 81b6c855ff50678a9ad0955a9350036218be3438 Mon Sep 17 00:00:00 2001
From: "Andrey A. Chernov" <ache@FreeBSD.org>
Date: Thu, 27 Jul 2006 15:28:20 +0000
Subject: Security fix: off-by-one error in mod_rewrite

Submitted by:   simon
---
 www/apache13/files/patch-CVE-2006-3747 | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 www/apache13/files/patch-CVE-2006-3747

(limited to 'www/apache13/files/patch-CVE-2006-3747')

diff --git a/www/apache13/files/patch-CVE-2006-3747 b/www/apache13/files/patch-CVE-2006-3747
new file mode 100644
index 000000000000..215c7abced59
--- /dev/null
+++ b/www/apache13/files/patch-CVE-2006-3747
@@ -0,0 +1,11 @@
+--- src/modules/standard/mod_rewrite.c	(revision 421288)
++++ src/modules/standard/mod_rewrite.c	(working copy)
+@@ -2736,7 +2736,7 @@
+             int c = 0;
+ 
+             token[0] = cp = ap_pstrdup(p, cp);
+-            while (*cp && c < 5) {
++            while (*cp && c < 4) {
+                 if (*cp == '?') {
+                     token[++c] = cp + 1;
+                     *cp = '\0';
-- 
cgit v1.2.3