File httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff of Package apache2.openSUSE_13.1_Update
diff -rNU 30 ../httpd-2.4.6-o/modules/dav/main/util.c ./modules/dav/main/util.c
--- ../httpd-2.4.6-o/modules/dav/main/util.c 2014-08-01 13:07:33.000000000 +0200
+++ ./modules/dav/main/util.c 2014-08-01 13:49:28.000000000 +0200
@@ -369,62 +369,64 @@
return "";
if (found_count == 1) {
if (!strip_white
|| (!apr_isspace(*found_text)
&& !apr_isspace(found_text[len - 1])))
return found_text;
}
cdata = s = apr_palloc(pool, len + 1);
for (scan = elem->first_cdata.first; scan != NULL; scan = scan->next) {
tlen = strlen(scan->text);
memcpy(s, scan->text, tlen);
s += tlen;
}
for (child = elem->first_child; child != NULL; child = child->next) {
for (scan = child->following_cdata.first;
scan != NULL;
scan = scan->next) {
tlen = strlen(scan->text);
memcpy(s, scan->text, tlen);
s += tlen;
}
}
*s = '\0';
if (strip_white) {
/* trim leading whitespace */
- while (apr_isspace(*cdata)) /* assume: return false for '\0' */
+ while (apr_isspace(*cdata)) { /* assume: return false for '\0' */
++cdata;
+ --len;
+ }
/* trim trailing whitespace */
while (len-- > 0 && apr_isspace(cdata[len]))
continue;
cdata[len + 1] = '\0';
}
return cdata;
}
DAV_DECLARE(dav_xmlns_info *) dav_xmlns_create(apr_pool_t *pool)
{
dav_xmlns_info *xi = apr_pcalloc(pool, sizeof(*xi));
xi->pool = pool;
xi->uri_prefix = apr_hash_make(pool);
xi->prefix_uri = apr_hash_make(pool);
return xi;
}
DAV_DECLARE(void) dav_xmlns_add(dav_xmlns_info *xi,
const char *prefix, const char *uri)
{
/* this "should" not overwrite a prefix mapping */
apr_hash_set(xi->prefix_uri, prefix, APR_HASH_KEY_STRING, uri);
/* note: this may overwrite an existing URI->prefix mapping, but it
doesn't matter -- any prefix is usuable to specify the URI. */
apr_hash_set(xi->uri_prefix, uri, APR_HASH_KEY_STRING, prefix);
