Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
apache2
apache2-CVE-2023-38709.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache2-CVE-2023-38709.patch of Package apache2
Index: httpd-2.4.51/modules/http/http_filters.c =================================================================== --- httpd-2.4.51.orig/modules/http/http_filters.c +++ httpd-2.4.51/modules/http/http_filters.c @@ -1350,6 +1350,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ */ apr_table_clear(r->headers_out); apr_table_clear(r->err_headers_out); + r->content_type = r->content_encoding = NULL; + r->content_languages = NULL; + r->clength = r->chunked = 0; apr_brigade_cleanup(b); /* Don't recall ap_die() if we come back here (from its own internal @@ -1366,8 +1369,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ APR_BRIGADE_INSERT_TAIL(b, e); e = apr_bucket_eos_create(c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(b, e); - r->content_type = r->content_encoding = NULL; - r->content_languages = NULL; ap_set_content_length(r, 0); recursive_error = 1; } @@ -1394,6 +1395,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ if (!apr_is_empty_table(r->err_headers_out)) { r->headers_out = apr_table_overlay(r->pool, r->err_headers_out, r->headers_out); + apr_table_clear(r->err_headers_out); } /* @@ -1413,6 +1415,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ fixup_vary(r); } + + /* + * Control cachability for non-cacheable responses if not already set by + * some other part of the server configuration. + */ + if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) { + char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN); + ap_recent_rfc822_date(date, r->request_time); + apr_table_addn(r->headers_out, "Expires", date); + } + /* * Now remove any ETag response header field if earlier processing * says so (such as a 'FileETag None' directive). @@ -1425,6 +1438,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ basic_http_header_check(r, &protocol); ap_set_keepalive(r); + /* 204/304 responses don't have content related headers */ if (AP_STATUS_IS_HEADER_ONLY(r->status)) { apr_table_unset(r->headers_out, "Transfer-Encoding"); apr_table_unset(r->headers_out, "Content-Length"); @@ -1467,16 +1481,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ apr_table_setn(r->headers_out, "Content-Language", field); } - /* - * Control cachability for non-cacheable responses if not already set by - * some other part of the server configuration. - */ - if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) { - char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN); - ap_recent_rfc822_date(date, r->request_time); - apr_table_addn(r->headers_out, "Expires", date); - } - /* This is a hack, but I can't find anyway around it. The idea is that * we don't want to send out 0 Content-Lengths if it is a head request. * This happens when modules try to outsmart the server, and return
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor