Gentoo's Bugzilla – Attachment 196584 Details for Bug 276426: <www-servers/apache-2.2.11-r1 [apache2_modules_proxy_http]: Reverse Proxy DoS (CVE-2009-1890)
apache-CVE-2009-1890.patch (text/plain), 1.54 KB, created by Alex Legler (RETIRED) on 2009-07-04 07:58:59 UTC
>--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c 2009/07/02 13:37:39 790586 >+++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c 2009/07/02 13:41:18 790587 >@@ -427,10 +427,16 @@ > apr_off_t bytes_streamed = 0; > > if (old_cl_val) { >+ char *endstr; >+ > add_cl(p, bucket_alloc, header_brigade, old_cl_val); >- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL, >- 0))) { >- return HTTP_INTERNAL_SERVER_ERROR; >+ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10); >+ >+ if (status || *endstr || endstr == old_cl_val || cl_val < 0) { >+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, >+ "proxy: could not parse request Content-Length (%s)", >+ old_cl_val); >+ return HTTP_BAD_REQUEST; > } > } > terminate_headers(bucket_alloc, header_brigade); >@@ -463,8 +469,13 @@ > * > * Prevents HTTP Response Splitting. > */ >- if (bytes_streamed > cl_val) >- continue; >+ if (bytes_streamed > cl_val) { >+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, >+ "proxy: read more bytes of request body than expected " >+ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")", >+ bytes_streamed, cl_val); >+ return HTTP_INTERNAL_SERVER_ERROR; >+ } > > if (header_brigade) { > /* we never sent the header brigade, so go ahead and
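Review bot: In the first hunk (@@ -427,10 +427,16), add_cl(p, bucket_alloc, header_brigade, old_cl_val) still runs before the new apr_strtoff() check, so a Content-Length value that is about to be rejected is first copied into header_brigade. Consider moving the parse and the "status || *endstr || endstr == old_cl_val || cl_val < 0" test above add_cl so that only a validated value reaches the outgoing headers. A one-line comment naming what each of the four conditions catches (parse error, trailing characters, empty input, negative length) would also help, and the test now relies on APR_SUCCESS being zero where the removed code compared against it explicitly.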
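Review bot: In the second hunk (@@ -463,8 +469,13), the new "return HTTP_INTERNAL_SERVER_ERROR" on bytes_streamed > cl_val leaves the streaming loop where the removed code used continue, and nothing in the visible lines cleans up the current brigade or marks the backend connection as unusable after a partially forwarded body. Please confirm the caller handles both on this return path, or do it here before returning. The comment above the check, ending "Prevents HTTP Response Splitting.", is left untouched and should be updated to say that the request is now logged and aborted rather than the loop continuing.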