mod_dav: Fix security issue in unreleased MS-WDV support:
* modules/dav/main/ms_wdv.c (mswdv_combined_proppatch):
The MS-WDV combined PROPPATCH handler reads a 16-byte hex length
prefix from the request body and uses it directly for memory
allocation without bounds checking. An attacker can specify an
extremely large value to trigger OOM and crash the worker process.
This patch validates the parsed length against LimitXMLRequestBody
and APR_SIZE_MAX before allocation.
Reported by: Pavel Kohout, Aisle Research, www.aisle.com
Submitted by: Pavel Kohout, jorton
Github: closes #592
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1931148 13f79535-47bb-0310-9956-
ffa450edef68
projects / thirdparty / apache / httpd.git / commit
