You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2007/12/03 20:45:49 UTC

svn commit: r600645 - in /httpd/httpd/trunk: CHANGES modules/http/http_protocol.c

Author: wrowe
Date: Mon Dec  3 11:45:48 2007
New Revision: 600645

URL: http://svn.apache.org/viewvc?rev=600645&view=rev
Log:
http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.

PR: 44014
Submitted by: Victor Stinner <victor.stinner inl.fr>



Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/http/http_protocol.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=600645&r1=600644&r2=600645&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Dec  3 11:45:48 2007
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) http_protocol: Escape request method in 413 error reporting.
+     Determined to be not generally exploitable, but a flaw in any case.
+     PR 44014 [Victor Stinner <victor.stinner inl.fr>]
+
   *) rotatelogs: Improve atomicity when using -l and cleaup code.
      PR 44004 [Rainer Jung]
 

Modified: httpd/httpd/trunk/modules/http/http_protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_protocol.c?rev=600645&r1=600644&r2=600645&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_protocol.c (original)
+++ httpd/httpd/trunk/modules/http/http_protocol.c Mon Dec  3 11:45:48 2007
@@ -931,7 +931,7 @@
     case HTTP_LENGTH_REQUIRED:
         s1 = apr_pstrcat(p,
                          "<p>A request of the requested method ",
-                         r->method,
+                         ap_escape_html(r->pool, r->method),
                          " requires a valid Content-length.<br />\n",
                          NULL);
         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
@@ -978,7 +978,7 @@
                            "The requested resource<br />",
                            ap_escape_html(r->pool, r->uri), "<br />\n",
                            "does not allow request data with ",
-                           r->method,
+                           ap_escape_html(r->pool, r->method),
                            " requests, or the amount of data provided in\n"
                            "the request exceeds the capacity limit.\n",
                            NULL));