Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 190062 Details for
Bug 268154
<www-servers/apache-2.2.11-r1 mod_proxy_ajp Information Disclosure (CVE-2009-1191)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Temporary patch from upstream
PR46949.diff (text/plain), 1.59 KB, created by
Alex Legler (RETIRED)
on 2009-05-01 19:29:16 UTC
(
hide
)
Description:
Temporary patch from upstream
Filename:
MIME Type:
Creator:
Alex Legler (RETIRED)
Created:
2009-05-01 19:29:16 UTC
Size:
1.59 KB
patch
obsolete
>Index: modules/proxy/mod_proxy_ajp.c >=================================================================== >--- modules/proxy/mod_proxy_ajp.c (Revision 763379) >+++ modules/proxy/mod_proxy_ajp.c (Arbeitskopie) >@@ -307,21 +307,17 @@ > "proxy: read zero bytes, expecting" > " %" APR_OFF_T_FMT " bytes", > content_length); >- status = ajp_send_data_msg(conn->sock, msg, 0); >- if (status != APR_SUCCESS) { >- /* We had a failure: Close connection to backend */ >- conn->close++; >- ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, >- "proxy: send failed to %pI (%s)", >- conn->worker->cp->addr, >- conn->worker->hostname); >- return HTTP_INTERNAL_SERVER_ERROR; >- } >- else { >- /* Client send zero bytes with C-L > 0 >- */ >- return HTTP_BAD_REQUEST; >- } >+ /* >+ * We can only get here if the client closed the connection >+ * to us without sending the body. >+ * Now the connection is in the wrong state on the backend. >+ * Sending an empty data msg doesn't help either as it does >+ * not move this connection to the correct state on the backend >+ * for later resusage by the next request again. >+ * Close it to clean things up. >+ */ >+ conn->close++; >+ return HTTP_BAD_REQUEST; > } > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=190062">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 268154
: 190062
