You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ja...@apache.org on 2014/09/18 23:01:40 UTC
svn commit: r1626086 - in /httpd/httpd/trunk: CHANGES modules/apreq/filter.c
server/apreq_module_cgi.c
Author: jailletc36
Date: Thu Sep 18 21:01:40 2014
New Revision: 1626086
URL: http://svn.apache.org/r1626086
Log:
Content-Length header should always be interpreted as a decimal.
Leading 0 could be erroneously considered as an octal value. PR 56598.
[Chris Card <ctcard hotmail com>]
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/apreq/filter.c
httpd/httpd/trunk/server/apreq_module_cgi.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1626086&r1=1626085&r2=1626086&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Sep 18 21:01:40 2014
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) Content-Length header should be always interpreted as a decimal. Leading 0
+ could be erroneously considered as an octal value. PR 56598.
+ [Chris Card <ctcard hotmail com>]
+
*) SECURITY: CVE-2014-3581 (cve.mitre.org)
mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
[Mark Montague <mark catseye.org>, Jan Kaluza]
Modified: httpd/httpd/trunk/modules/apreq/filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/apreq/filter.c?rev=1626086&r1=1626085&r2=1626086&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/apreq/filter.c (original)
+++ httpd/httpd/trunk/modules/apreq/filter.c Thu Sep 18 21:01:40 2014
@@ -124,7 +124,7 @@ void apreq_filter_init_context(ap_filter
if (cl_header != NULL) {
char *dummy;
- apr_uint64_t content_length = apr_strtoi64(cl_header,&dummy,0);
+ apr_uint64_t content_length = apr_strtoi64(cl_header, &dummy, 10);
if (dummy == NULL || *dummy != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, r, APLOGNO(02045)
Modified: httpd/httpd/trunk/server/apreq_module_cgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/apreq_module_cgi.c?rev=1626086&r1=1626085&r2=1626086&view=diff
==============================================================================
--- httpd/httpd/trunk/server/apreq_module_cgi.c (original)
+++ httpd/httpd/trunk/server/apreq_module_cgi.c Thu Sep 18 21:01:40 2014
@@ -352,7 +352,7 @@ static void init_body(apreq_handle_t *ha
if (cl_header != NULL) {
char *dummy;
- apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 0);
+ apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 10);
if (dummy == NULL || *dummy != 0) {
req->body_status = APREQ_ERROR_BADHEADER;