You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2013/05/23 14:54:09 UTC
svn commit: r1485673 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
modules/proxy/mod_proxy.c
Author: jim
Date: Thu May 23 12:54:09 2013
New Revision: 1485673
URL: http://svn.apache.org/r1485673
Log:
Merge r1481302, r1481397 from trunk:
mod_proxy: Reject invalid values for Max-Forwards.
Adjust format string
type was changed by r1481302
Submitted by: minfrin, sf
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1481302,1481397
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1485673&r1=1485672&r2=1485673&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu May 23 12:54:09 2013
@@ -2,6 +2,9 @@
Changes with Apache 2.4.5
+ *) mod_proxy: Reject invalid values for Max-Forwards. [Graham Leggett,
+ Co-Advisor <coad measurement-factory.com>]
+
*) mod_cache: RFC2616 14.9.3 The s-maxage directive also implies the
semantics of the proxy-revalidate directive. [Graham Leggett]
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c?rev=1485673&r1=1485672&r2=1485673&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c Thu May 23 12:54:09 2013
@@ -879,7 +879,7 @@ static int proxy_handler(request_rec *r)
int i, rc, access_status;
int direct_connect = 0;
const char *str;
- long maxfwd;
+ apr_int64_t maxfwd;
proxy_balancer *balancer = NULL;
proxy_worker *worker = NULL;
int attempts = 0, max_attempts = 0;
@@ -891,8 +891,14 @@ static int proxy_handler(request_rec *r)
/* handle max-forwards / OPTIONS / TRACE */
if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
- maxfwd = strtol(str, NULL, 10);
- if (maxfwd < 1) {
+ char *end;
+ maxfwd = apr_strtoi64(str, &end, 10);
+ if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
+ apr_psprintf(r->pool,
+ "Max-Forwards value '%s' could not be parsed", str));
+ }
+ else if (maxfwd == 0) {
switch (r->method_number) {
case M_TRACE: {
int access_status;
@@ -913,7 +919,7 @@ static int proxy_handler(request_rec *r)
return OK;
}
default: {
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
"Max-Forwards has reached zero - proxy loop?");
}
}
@@ -926,7 +932,7 @@ static int proxy_handler(request_rec *r)
}
if (maxfwd >= 0) {
apr_table_setn(r->headers_in, "Max-Forwards",
- apr_psprintf(r->pool, "%ld", maxfwd));
+ apr_psprintf(r->pool, "%" APR_INT64_T_FMT, maxfwd));
}
if (r->method_number == M_TRACE) {