File httpd-2.2.3-CVE-2009-1890.patch of Package apache2
--- 2.2.x/modules/proxy/mod_proxy_http.c 2009/04/25 09:50:27 768504
+++ 2.2.x/modules/proxy/mod_proxy_http.c 2009/07/03 13:48:25 790914
@@ -422,10 +422,16 @@
 apr_off_t bytes_streamed = 0;
 if (old_cl_val) {
+ char *endstr;
+
 add_cl(p, bucket_alloc, header_brigade, old_cl_val);
- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL,
- 0))) {
- return HTTP_INTERNAL_SERVER_ERROR;
+ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10);
+
+ if (status || *endstr || endstr == old_cl_val || cl_val < 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+ "proxy: could not parse request Content-Length (%s)",
+ old_cl_val);
+ return HTTP_BAD_REQUEST;
 }
 }
 terminate_headers(bucket_alloc, header_brigade);
@@ -453,8 +459,13 @@
 *
 * Prevents HTTP Response Splitting.
 */
- if (bytes_streamed > cl_val)
- continue;
+ if (bytes_streamed > cl_val) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "proxy: read more bytes of request body than expected "
+ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")",
+ bytes_streamed, cl_val);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
 if (header_brigade) {
 /* we never sent the header brigade, so go ahead and
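Review bot: The new validation after `apr_strtoff(&cl_val, old_cl_val, &endstr, 10)` still accepts values that are not a plain digit string, because strtol-style parsing skips leading whitespace and takes an optional sign, so a value such as `+10` yields a non-negative `cl_val` and passes. `add_cl()` has by then already queued the original string for the back end, which may interpret it differently from the proxy; a disagreement about body length between the two hops is what this check exists to rule out. Requiring a leading digit closes the gap: `if (!apr_isdigit(*old_cl_val) || status || *endstr || endstr == old_cl_val || cl_val < 0) {`. Moving the `add_cl()` call below the check would also keep a rejected value out of `header_brigade`. The enclosing function starts and ends outside the hunk.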
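Review bot: The early `return HTTP_INTERNAL_SERVER_ERROR` in the `bytes_streamed > cl_val` branch can leave the back-end connection with a request whose declared body was only partly delivered, and nothing in this hunk marks that connection as unusable. The caller is outside the hunk, so it is worth confirming that it closes the connection on a non-OK return instead of handing it back for reuse. The comment ending in `Prevents HTTP Response Splitting.` begins above the hunk; if it still describes skipping the excess bytes, it should be updated to say that the request is now aborted, for example `* Abort rather than forward the excess, which the back end would read as another request.`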