]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5b2859d) | patch
SECURITY: CVE-2017-7668 (cve.mitre.org)
authorEric Covener <covener@apache.org>
Mon, 19 Jun 2017 16:48:42 +0000 (16:48 +0000)
committerEric Covener <covener@apache.org>
Mon, 19 Jun 2017 16:48:42 +0000 (16:48 +0000)
commitedb6db90d2474b5807b2459b3380bf947c5866fa
treeeab01244ec02148eb65d19ca1a4e43e384074265tree
parent5b2859d8d6346674227b864de586be553a9ec79ecommit | diff
SECURITY: CVE-2017-7668 (cve.mitre.org)
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.

Merge r1796350 from trunk:
short-circuit on NULL

Submitted By: jchampion
Reviewed By: jchampion, wrowe, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799228 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
STATUS diff | blob | blame | history
server/util.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git