Posted to cvs@httpd.apache.org by co...@apache.org on 2017/06/19 17:04:13 UTC

svn commit: r1799235 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/http/mod_mime.c

Author: covener
Date: Mon Jun 19 17:04:13 2017
New Revision: 1799235

URL: http://svn.apache.org/viewvc?rev=1799235&view=rev
Log:
Merge r1797550 from trunk:

mod_mime: fix quoted pair scanning


Submitted By: ylavic



Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/http/mod_mime.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1799235&r1=1799234&r2=1799235&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Jun 19 17:04:13 2017
@@ -18,6 +18,10 @@ Changes with Apache 2.2.33
      authentication phase may lead to authentication requirements being
      bypassed.
      [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]
+
+  *) SECURITY: CVE-2017-7679 (cve.mitre.org)
+     mod_mime can read one byte past the end of a buffer when sending a
+     malicious Content-Type response header.  [Yann Ylavic]
   
   *) Fix HttpProtocolOptions to inherit from global to VirtualHost scope.
      [Joe Orton]
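
Review bot: The added entry's phrase "when sending a malicious Content-Type response header" does not say which code path is affected, and the commit log line "mod_mime: fix quoted pair scanning" does not carry the CVE id, so the two are hard to correlate when searching history. Consider naming the quoted-pair scanning in the CHANGES text (the mod_mime.c change in this revision is in is_quoted_pair()) and adding CVE-2017-7679 to the log message for r1799235.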

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1799235&r1=1799234&r2=1799235&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Jun 19 17:04:13 2017
@@ -104,11 +104,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   *) mod_mime: Fix scanning of quoted-pairs.
-      trunk patch: http://svn.apache.org/r1797550
-      2.4.x patch: svn merge -c 1797550 ^/httpd/httpd/trunk .
-      +1: covener, ylavic, wrowe
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
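
Review bot: The removed proposal is labelled "2.4.x patch: svn merge -c 1797550 ^/httpd/httpd/trunk ." although this is the 2.2.x STATUS file, which looks like a leftover from the 2.4.x proposal. Since the entry is deleted here it needs no fix, but it is worth confirming that the three +1 votes (covener, ylavic, wrowe) were cast for the 2.2.x backport and not copied along with the label. Removing the block also leaves two consecutive blank lines before "PATCHES PROPOSED TO BACKPORT FROM TRUNK:"; check that this matches the spacing used elsewhere in the file.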

Modified: httpd/httpd/branches/2.2.x/modules/http/mod_mime.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/mod_mime.c?rev=1799235&r1=1799234&r2=1799235&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/http/mod_mime.c (original)
+++ httpd/httpd/branches/2.2.x/modules/http/mod_mime.c Mon Jun 19 17:04:13 2017
@@ -528,9 +528,9 @@ static int is_quoted_pair(const char *s)
     int res = -1;
     int c;
 
-    if (((s + 1) != NULL) && (*s == '\\')) {
+    if (*s == '\\') {
         c = (int) *(s + 1);
-        if (apr_isascii(c)) {
+        if (c && apr_isascii(c)) {
             res = 1;
         }
     }
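
Review bot: The new `c &&` test in `if (c && apr_isascii(c))` is the actual fix and should carry a comment, because nothing in the function says why a NUL after the backslash must not count as a quoted pair. The dropped condition `((s + 1) != NULL)` only tested the result of pointer arithmetic and never looked at the byte, so a string ending in a lone backslash returned res = 1, and a caller that steps over both characters of a quoted pair would move past the terminator. A one-line comment to that effect above the test would keep the check from being "simplified" away later. The revision also modifies only CHANGES, STATUS and mod_mime.c, so no regression test accompanies the change; a test input ending in a backslash would cover it.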