You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ja...@apache.org on 2014/09/18 23:01:40 UTC

svn commit: r1626086 - in /httpd/httpd/trunk: CHANGES modules/apreq/filter.c server/apreq_module_cgi.c

Author: jailletc36
Date: Thu Sep 18 21:01:40 2014
New Revision: 1626086

URL: http://svn.apache.org/r1626086
Log:
Content-Length header should always be interpreted as a decimal.
Leading 0  could be erroneously considered as an octal value. PR 56598.
[Chris Card <ctcard hotmail com>]

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/apreq/filter.c
    httpd/httpd/trunk/server/apreq_module_cgi.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1626086&r1=1626085&r2=1626086&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Sep 18 21:01:40 2014
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) Content-Length header should be always interpreted as a decimal. Leading 0
+     could be erroneously considered as an octal value. PR 56598.
+     [Chris Card <ctcard hotmail com>]
+  
   *) SECURITY: CVE-2014-3581 (cve.mitre.org)
      mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
      [Mark Montague <mark catseye.org>, Jan Kaluza]

Modified: httpd/httpd/trunk/modules/apreq/filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/apreq/filter.c?rev=1626086&r1=1626085&r2=1626086&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/apreq/filter.c (original)
+++ httpd/httpd/trunk/modules/apreq/filter.c Thu Sep 18 21:01:40 2014
@@ -124,7 +124,7 @@ void apreq_filter_init_context(ap_filter
 
     if (cl_header != NULL) {
         char *dummy;
-        apr_uint64_t content_length = apr_strtoi64(cl_header,&dummy,0);
+        apr_uint64_t content_length = apr_strtoi64(cl_header, &dummy, 10);
 
         if (dummy == NULL || *dummy != 0) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, r, APLOGNO(02045)

Modified: httpd/httpd/trunk/server/apreq_module_cgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/apreq_module_cgi.c?rev=1626086&r1=1626085&r2=1626086&view=diff
==============================================================================
--- httpd/httpd/trunk/server/apreq_module_cgi.c (original)
+++ httpd/httpd/trunk/server/apreq_module_cgi.c Thu Sep 18 21:01:40 2014
@@ -352,7 +352,7 @@ static void init_body(apreq_handle_t *ha
 
     if (cl_header != NULL) {
         char *dummy;
-        apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 0);
+        apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 10);
 
         if (dummy == NULL || *dummy != 0) {
             req->body_status = APREQ_ERROR_BADHEADER;