SECURITY: CVE-2010-3872 (cve.mitre.org)
Fix possible stack buffer overwrite. Diagnosed by the reporter.
PR 49406. [Edgar Frank <ef-lists email.de>]
--- mod_fcgid.2.2/fcgid_bucket.c 2007-07-31 10:09:20.000000000 +0100
+++ mod_fcgid.2.2/fcgid_bucket.c 2010-11-05 16:30:19.146160542 +0000
@@ -83,7 +83,7 @@
/* Initialize header */
putsize = fcgid_min(bufferlen, sizeof(header) - hasread);
- memcpy(&header + hasread, buffer, putsize);
+ memcpy((apr_byte_t *)&header + hasread, buffer, putsize);
hasread += putsize;
/* Ignore the bytes that have read */