You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2005/09/20 20:34:36 UTC
svn commit: r290517 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS
modules/proxy/proxy_http.c
Author: wrowe
Date: Tue Sep 20 11:34:33 2005
New Revision: 290517
URL: http://svn.apache.org/viewcvs?rev=290517&view=rev
Log:
Backport trunk changes as recorded in branches/proxy-reqbody-2.0.x,
refactoring http_proxy.c request body handling. This correction
satisfies the vetoed issues in the originally backported proxy
request body handling from trunk/ in 171205.
Reviewed by: jim, minfrin
Added:
httpd/httpd/branches/2.0.x/modules/proxy/proxy_http.c
- copied unchanged from r290514, httpd/httpd/branches/proxy-reqbody-2.0.x/modules/proxy/proxy_http.c
Modified:
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=290517&r1=290516&r2=290517&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Sep 20 11:34:33 2005
@@ -1,6 +1,13 @@
-*- coding: utf-8 -*-
Changes with Apache 2.0.55
+ *) SECURITY: CAN-2005-2088 (cve.mitre.org)
+ proxy: Correctly handle the Transfer-Encoding and Content-Length
+ headers. Discard the request Content-Length whenever T-E: chunked
+ is used, always passing one of either C-L or T-E: chunked whenever
+ the request includes a request body. Resolves an entire class of
+ proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
+
*) Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=290517&r1=290516&r2=290517&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Tue Sep 20 11:34:33 2005
@@ -104,29 +104,6 @@
RELEASE SHOWSTOPPERS:
- * Copy the backport branch of all of the mod_proxy_http.c's request body
- handling security, protocol and bug fixes; by svn copy'ing the file
- httpd/httpd/branches/proxy-reqbody-2.0.x/modules/proxy/proxy_http.c back to
- httpd/branches/2.0.x/... preserving the detail of all of the individually
- backported changes.
-
- +1: wrowe, jim, minfrin
- -1:
-
- For a complete history of individual unit changes, see r230703 - r230744 in
- http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/proxy-reqbody-2.0.x/
- [...] modules/proxy/proxy_http.c?&view=log
- Cite the specific patch with justification for each specific objection.
-
- Suggested; revert r219061 to thoroughly test this patch, as r219061 masks
- some underlying bugs (although it is a -good- patch in and of itself and
- provides additional protection to other content-handling modules).
-
- * TRACE must not have a request body per RFC2616; see the -trace.patch
- below for one of two alternatives. The other alternative; simply
- hack mod_proxy.c to reject TRACE when a body is seen, again see that
- -trace.patch for an illustration.
-
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
Re: svn commit: r290517 - in /httpd/httpd/branches/2.0.x: CHANGES
STATUS modules/proxy/proxy_http.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Joe Orton wrote:
>
> proxy_http.c: In function 'ap_proxy_http_request':
> proxy_http.c:569: warning: 'status' may be used uninitialized in this function
> http_protocol.c: In function 'ap_send_http_trace':
> http_protocol.c:1377: warning: 'bodyread' may be used uninitialized in this function
Both, as I expected, were never-encountered edge cases. But please do
svn up and double check that our compile is clean, now, on gcc4.
Re: svn commit: r290517 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_http.c
Posted by Joe Orton <jo...@redhat.com>.
On Tue, Sep 20, 2005 at 06:34:36PM -0000, William Rowe wrote:
> Author: wrowe
> Date: Tue Sep 20 11:34:33 2005
> New Revision: 290517
>
> URL: http://svn.apache.org/viewcvs?rev=290517&view=rev
-Werror regressions with these commits (gcc 4):
proxy_http.c: In function 'ap_proxy_http_request':
proxy_http.c:569: warning: 'status' may be used uninitialized in this function
http_protocol.c: In function 'ap_send_http_trace':
http_protocol.c:1377: warning: 'bodyread' may be used uninitialized in this function