From: William A. Rowe Jr Date: Sun, 28 Feb 2010 18:31:05 +0000 (+0000) Subject: Revert premature commit 917234 X-Git-Tag: 2.2.15~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6dc8fa3cde5a521fc384faf009e3a3afce5b86e2;p=thirdparty%2Fapache%2Fhttpd.git Revert premature commit 917234 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@917244 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 30427f245f1..6ffa7215d69 100644 --- a/CHANGES +++ b/CHANGES @@ -1,11 +1,6 @@ - -*- coding: utf-8 -*- + -*- coding: utf-8 -*- Changes with Apache 2.2.15 - *) Ensure each subrequest has a shallow copy of headers_in so that the - parent request headers are not corrupted. Elimiates a problematic - optimization in the case of no request body. PR 48359 - [Jake Scott, William Rowe, Ruediger Pluem] - *) SECURITY: CVE-2009-3555 (cve.mitre.org) A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. Forcibly disable keepalive diff --git a/server/protocol.c b/server/protocol.c index e5a3a4038b5..23ef080f4bc 100644 --- a/server/protocol.c +++ b/server/protocol.c 
@@ -1041,13 +1041,15 @@ request_rec *ap_read_request(conn_rec *conn) return r; } -/* if a request with a body creates a subrequest, remove original request's - * input headers which pertain to the body which has already been read. - * out-of-line helper function for ap_set_sub_req_protocol. +/* if a request with a body creates a subrequest, clone the original request's + * input headers minus any headers pertaining to the body which has already + * been read. out-of-line helper function for ap_set_sub_req_protocol. */ -static void strip_headers_request_body(request_rec *rnew) +static void clone_headers_no_body(request_rec *rnew, + const request_rec *r) { + rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); apr_table_unset(rnew->headers_in, "Content-Encoding"); apr_table_unset(rnew->headers_in, "Content-Language"); apr_table_unset(rnew->headers_in, "Content-Length"); @@ -1081,14 +1083,15 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, rnew->status = HTTP_OK; - rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); - /* did the original request have a body? (e.g. POST w/SSI tags) * if so, make sure the subrequest doesn't inherit body headers */ if (apr_table_get(r->headers_in, "Content-Length") || apr_table_get(r->headers_in, "Transfer-Encoding")) { - strip_headers_request_body(rnew, r); + clone_headers_no_body(rnew, r); + } else { + /* no body (common case). clone headers the cheap way */ + rnew->headers_in = r->headers_in; } rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); rnew->headers_out = apr_table_make(rnew->pool, 5);
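Review bot: The restored `else` branch in ap_set_sub_req_protocol (second server/protocol.c hunk) assigns `rnew->headers_in = r->headers_in;`, so for a parent request without a body the subrequest and the parent share one table, and any header a module sets or unsets on the subrequest also changes the parent's request headers. That is the header corruption described by the CHANGES entry this same revert deletes (PR 48359), so the revert brings the problem back rather than just backing out a broken build. The removed lines show a one-parameter `strip_headers_request_body(request_rec *rnew)` being called as `strip_headers_request_body(rnew, r);`, which is presumably why the commit was premature. If so, the copy can be kept while the call is fixed by changing the `else` body to `rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);`, matching what clone_headers_no_body in the first hunk already does for the body case. The body of ap_set_sub_req_protocol starts and ends outside the hunk, so any later code that relies on the shared table is not visible here.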