You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/04/25 11:58:53 UTC
svn commit: r768506 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS
docs/ docs/conf/mime.types modules/proxy/mod_proxy_ajp.c support/ab.c
support/suexec.c
Author: rpluem
Date: Sat Apr 25 09:58:52 2009
New Revision: 768506
URL: http://svn.apache.org/viewvc?rev=768506&view=rev
Log:
Merge r763394 from trunk:
* Avoid delivering content from a previous request which failed to send a request
body by closing the connection to the backend in this case instead of reusing it.
CVE: CVE-2009-1191 (cve.mitre.org)
PR: 46949
Submitted by: rpluem
Reviewed by: rpluem, wrowe, jfclere
Modified:
httpd/httpd/branches/2.2.x/ (props changed)
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/docs/ (props changed)
httpd/httpd/branches/2.2.x/docs/conf/mime.types (props changed)
httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c
httpd/httpd/branches/2.2.x/support/ab.c (props changed)
httpd/httpd/branches/2.2.x/support/suexec.c (props changed)
Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Apr 25 09:58:52 2009
@@ -1 +1 @@
-/httpd/httpd/trunk:451572,611483,639005,639010,647395,657354,657459,660461,660566,664330,678761,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329
+/httpd/httpd/trunk:451572,611483,639005,639010,647395,657354,657459,660461,660566,664330,678761,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=768506&r1=768505&r2=768506&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Apr 25 09:58:52 2009
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.12
+ *) SECURITY: CVE-2009-1191 (cve.mitre.org)
+ mod_proxy_ajp: Avoid delivering content from a previous request which
+ failed to send a request body. PR 46949 [Ruediger Pluem]
+
*) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
to enable stricter checking of remote server certificates.
[Ruediger Pluem]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=768506&r1=768505&r2=768506&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Apr 25 09:58:52 2009
@@ -87,16 +87,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
-* mod_proxy_ajp: Avoid delivering content from a previous request which failed
- to send a request body by closing the connection to the backend in this case
- instead of reusing it.
- PR: 46949
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=763394&view=rev
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, wrowe, jfclere
-
* mod_proxy_ajp: Check more strictly that the backend follows the AJP protocol.
Trunk version of patch:
http://svn.apache.org/viewvc?rev=764239&view=rev
Propchange: httpd/httpd/branches/2.2.x/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Apr 25 09:58:52 2009
@@ -1 +1 @@
-/httpd/httpd/trunk/docs:451572,611483,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329
+/httpd/httpd/trunk/docs:451572,611483,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394
Propchange: httpd/httpd/branches/2.2.x/docs/conf/mime.types
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Apr 25 09:58:52 2009
@@ -1 +1 @@
-/httpd/httpd/trunk/docs/conf/mime.types:83749-721972,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329
+/httpd/httpd/trunk/docs/conf/mime.types:83749-721972,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394
Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?rev=768506&r1=768505&r2=768506&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c Sat Apr 25 09:58:52 2009
@@ -307,21 +307,17 @@
"proxy: read zero bytes, expecting"
" %" APR_OFF_T_FMT " bytes",
content_length);
- status = ajp_send_data_msg(conn->sock, msg, 0);
- if (status != APR_SUCCESS) {
- /* We had a failure: Close connection to backend */
- conn->close++;
- ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
- "proxy: send failed to %pI (%s)",
- conn->worker->cp->addr,
- conn->worker->hostname);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- else {
- /* Client send zero bytes with C-L > 0
- */
- return HTTP_BAD_REQUEST;
- }
+ /*
+ * We can only get here if the client closed the connection
+ * to us without sending the body.
+ * Now the connection is in the wrong state on the backend.
+ * Sending an empty data msg doesn't help either as it does
+ * not move this connection to the correct state on the backend
+ * for later resusage by the next request again.
+ * Close it to clean things up.
+ */
+ conn->close++;
+ return HTTP_BAD_REQUEST;
}
}
Propchange: httpd/httpd/branches/2.2.x/support/ab.c
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Apr 25 09:58:52 2009
@@ -1 +1 @@
-/httpd/httpd/trunk/support/ab.c:83751-655654,657354,657433,657459,660461,660566,664330,678761,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329
+/httpd/httpd/trunk/support/ab.c:83751-655654,657354,657433,657459,660461,660566,664330,678761,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394
Propchange: httpd/httpd/branches/2.2.x/support/suexec.c
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Apr 25 09:58:52 2009
@@ -1 +1 @@
-/httpd/httpd/trunk/support/suexec.c:451572,611483,639005,639010,647395,655711,657354,657459,660461,660566,664330,678761,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329
+/httpd/httpd/trunk/support/suexec.c:451572,611483,639005,639010,647395,655711,657354,657459,660461,660566,664330,678761,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394