Add CVE-2010-0434 fix for consideration
authorWilliam A. Rowe Jr <wrowe@apache.org>
Tue, 9 Mar 2010 21:51:10 +0000 (21:51 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Tue, 9 Mar 2010 21:51:10 +0000 (21:51 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921143 13f79535-47bb-0310-9956-ffa450edef68

STATUS
server/protocol.c

diff --git a/STATUS b/STATUS
index 339cd9959fd54c40bcc089084deb1fd03e978dd4..84fc5a7c783ffe20959b6b405247a25742c682e5 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -121,6 +121,11 @@ RELEASE SHOWSTOPPERS:
     memory usage.
     +1: trawick, wrowe
 
+  * Commit http://people.apache.org/~wrowe/CVE-2010-0434.patch
+    SECURITY: CVE-2010-0434 (cve.mitre.org)
+    note; simpler because we had not yet cleaned up input headers for subreq
+    +1: wrowe
+
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
index 18dd9f3a804f42c02118ed0b5a9ca3e5cb026621..1e624f3d8bc04e0f7f71d9a535d9fc24a5267b9b 100644 (file)
@@ -1022,7 +1022,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
 
     rnew->status          = HTTP_OK;
 
-    rnew->headers_in      = r->headers_in;
+    rnew->headers_in      = apr_table_copy(rnew->pool, r->headers_in);
     rnew->subprocess_env  = apr_table_copy(rnew->pool, r->subprocess_env);
     rnew->headers_out     = apr_table_make(rnew->pool, 5);
     rnew->err_headers_out = apr_table_make(rnew->pool, 5);
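Review bot: The new `apr_table_copy()` line in ap_set_sub_req_protocol has no comment explaining why the subrequest must not alias `r->headers_in`, and the removed line shows how easily that sharing could come back as an apparent optimisation. I would add above it: `/* Private copy: header edits made while handling the subrequest must not reach the parent's table (CVE-2010-0434). */`. Note also that apr_table_copy duplicates only the entry array, so the key and value strings remain shared with the parent. That looks safe only while rnew->pool does not outlive the pool those strings came from, which this hunk does not show. The function begins and ends outside the hunk.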