Posted to cvs@httpd.apache.org by rj...@apache.org on 2012/08/21 19:00:34 UTC

svn propchange: r1374297 - svn:log

Author: rjung
Revision: 1374297
Modified property: svn:log

Modified: svn:log at Tue Aug 21 17:00:34 2012
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Tue Aug 21 17:00:34 2012
@@ -1,2 +1,22 @@
-mod_proxy_ajp/mod_proxy_http: Optimize bit field
-operations in mod_proxy.
+Fix closing the back end connection in case of error.
+The field "closed" was changed from an int to a bit
+field of size one in 2.4.x.
+For historical reasons a close instruction was coded
+as an increment on the field, which in 2.4.x flips
+the field each time. There were mutliple could paths
+that would flip it several times for a single error,
+so effectively the connection was no longer closed
+in these cases.
+
+Especially in the case of an aborted client connection
+this lead to a non consumed back end buffer and thus to
+response mixup between users.
+
+PR 53727
+
+CVE-2012-3052
+
+Backport of r1373955 from trunk.
+
+Submitted by: rjung
+Reviewed by: jim, trawick
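
Review bot: The rewritten log drops the "mod_proxy_ajp/mod_proxy_http:" prefix that the removed first line carried, so the new message never names the affected modules even though it now documents a security fix with a PR and CVE reference. Start the new first line with that prefix so that log searches by module still find this revision. In the added text, "mutliple could paths" should read "multiple code paths" and "this lead to" should be "this led to"; because svn:log is a revision property, a further propchange can correct both.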