You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2010/03/11 16:57:26 UTC
svn commit: r921910 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS
server/protocol.c
Author: trawick
Date: Thu Mar 11 15:57:26 2010
New Revision: 921910
URL: http://svn.apache.org/viewvc?rev=921910&view=rev
Log:
merge from trunk and 2.2.x:
SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body.
PR: 48359
Submitted by: Jake Scott, William Rowe, Ruediger Pluem
Reviewed by: wrowe, trawick, rpluem
Modified:
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
httpd/httpd/branches/2.0.x/server/protocol.c
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=921910&r1=921909&r2=921910&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Thu Mar 11 15:57:26 2010
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.0.64
+ *) SECURITY: CVE-2010-0434 (cve.mitre.org)
+ Ensure each subrequest has a shallow copy of headers_in so that the
+ parent request headers are not corrupted. Elimiates a problematic
+ optimization in the case of no request body. PR 48359
+ [Jake Scott, William Rowe, Ruediger Pluem]
+
*) SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=921910&r1=921909&r2=921910&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Thu Mar 11 15:57:26 2010
@@ -114,11 +114,6 @@ CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
- * Commit http://people.apache.org/~wrowe/CVE-2010-0434.patch
- SECURITY: CVE-2010-0434 (cve.mitre.org)
- note; simpler because we had not yet cleaned up input headers for subreq
- +1: wrowe, trawick, rpluem
- trawick: remember to post to apply_to_2.0.63 when approved
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
Modified: httpd/httpd/branches/2.0.x/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/server/protocol.c?rev=921910&r1=921909&r2=921910&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/server/protocol.c (original)
+++ httpd/httpd/branches/2.0.x/server/protocol.c Thu Mar 11 15:57:26 2010
@@ -1022,7 +1022,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol
rnew->status = HTTP_OK;
- rnew->headers_in = r->headers_in;
+ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
rnew->headers_out = apr_table_make(rnew->pool, 5);
rnew->err_headers_out = apr_table_make(rnew->pool, 5);