Fri Nov 11 07:58:03 2011 UTC ()

fix for http://secunia.com/advisories/45793/
snarfed (with adjustment regarding location) from
http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?r1=1198940&r2=1198939&pathrev=1198940


(spz)

diff -r1.72 -r1.73 pkgsrc/www/apache22/Makefile
diff -r1.43 -r1.44 pkgsrc/www/apache22/distinfo
diff -r0 -r1.1 pkgsrc/www/apache22/patches/patch-server_util.c

--- pkgsrc/www/apache22/Attic/Makefile 2011/10/10 10:13:42 1.72
+++ pkgsrc/www/apache22/Attic/Makefile 2011/11/11 07:58:03 1.73

 @@ -1,19 +1,19 @@
-# $NetBSD: Makefile,v 1.72 2011/10/10 10:13:42 taca Exp $
+# $NetBSD: Makefile,v 1.73 2011/11/11 07:58:03 spz Exp $
 DISTNAME=	httpd-2.2.21
 PKGNAME=	${DISTNAME:S/httpd/apache/}
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/} \
 		http://archive.apache.org/dist/httpd/ \
 		http://archive.eu.apache.org/dist/httpd/
 EXTRACT_SUFX=	.tar.bz2
 MAINTAINER=	tron@NetBSD.org
 HOMEPAGE=	http://httpd.apache.org/
 COMMENT=	Apache HTTP (Web) server, version 2.2
 LICENSE=	apache-2.0
 PKG_DESTDIR_SUPPORT=	user-destdir

--- pkgsrc/www/apache22/Attic/distinfo 2011/10/10 10:13:42 1.43
+++ pkgsrc/www/apache22/Attic/distinfo 2011/11/11 07:58:03 1.44

 @@ -1,19 +1,20 @@
-$NetBSD: distinfo,v 1.43 2011/10/10 10:13:42 taca Exp $
+$NetBSD: distinfo,v 1.44 2011/11/11 07:58:03 spz Exp $
 SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4
 RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1
 Size (httpd-2.2.21.tar.bz2) = 5324905 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
 SHA1 (patch-af) = 312d3bce5e1bf6e747b5f0f313d89bf5b4636392
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
 SHA1 (patch-server_protocol.c) = 5361b5218d4f2aa22ea79e4ba6534ca0252c6e4e
 SHA1 (patch-server_util.c) = b63f73e2a482facd188eecb0864fc612d1b7b3a5

$NetBSD: patch-server_util.c,v 1.1 2011/11/11 07:58:03 spz Exp $

fix for http://secunia.com/advisories/45793/
snarfed (with adjustment regarding location) from
http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?r1=1198940&r2=1198939&pathrev=1198940

--- server/util.c.orig	2011-05-19 02:17:37.000000000 +0000
+++ server/util.c
@@ -391,6 +391,8 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t
             len++;
         }
         else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
+            if (APR_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so)
+                return APR_ENOMEM;
             len += pmatch[no].rm_eo - pmatch[no].rm_so;
         }