TheGU / mod-auth-token

This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security.
Apache License 2.0
0 stars 0 forks source link

ap_pstrcat misused could crash Apache #23

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Standing to Apache's APR documentation at

https://apr.apache.org/docs/apr/0.9/group__apr__strings.html#g7bd80c95ffb7b3f96b
c78e7b5b5b0045

the apr_pstrcat() function takes a list of strings. The code in 1.0.6_beta 
instead passes a character ('/'), beside missing a sentinel at the end of 
parameters.

I'm attaching a patch to fix the issue.

Original issue reported on code.google.com by flameeyes on 31 Aug 2011 at 3:46

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for pointing this.
Corrected and pushed.

Original comment by teixeira...@gmail.com on 24 May 2012 at 7:39