/[Apache-SVN]
ViewVC logotype

Revision 1098188


Jump to revision: Previous Next
Author: wrowe
Date: Sat Apr 30 23:35:59 2011 UTC (13 years, 11 months ago)
Changed paths: 1
Log Message:
Security: CVE-2011-0419
Reported by: Maksymilian Arciemowicz <cxib securityreason.com>

Excessive CPU consumption was possible due to the unconstrained, recursive 
invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.

Introduce new apr_fnmatch implementation.  This delivers optimizations 
in some common cases, without the underlying weakness of recursion 
present in older implementations.

Submitted by: William Rowe


Changed paths

Path Details
Directoryapr/apr/branches/1.4.x/strings/apr_fnmatch.c modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26