access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
+ *) Ensure each subrequest has a shallow copy of headers_in so that the
+ parent request headers are not corrupted. Elimiates a problematic
+ optimization in the case of no request body. PR 48359
+ [Jake Scott, William Rowe, Ruediger Pluem]
+
*) mod_reqtimeout: New module to set timeouts and minimum data rates for
receiving requests from the client. [Stefan Fritsch]
RELEASE SHOWSTOPPERS:
- * Ensure each subrequest has a shallow copy of headers_in so that the
- parent request headers are not corrupted. Eliminates a problematic
- optimization in the case of no request body. PR 48359
- [Jake Scott, William Rowe, Ruediger Pluem]
- Link to discussion thread (please review before voting);
- https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
- Applied to trunk;
- http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?r1=901578&r2=901577
- Ported to 2.2 (also attached to PR);
- http://people.apache.org/~wrowe/httpd-headers-in-fix.patch
- +1: wrowe, minfrin, rpluem
-
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
return r;
}
-/* if a request with a body creates a subrequest, clone the original request's
- * input headers minus any headers pertaining to the body which has already
- * been read. out-of-line helper function for ap_set_sub_req_protocol.
+/* if a request with a body creates a subrequest, remove original request's
+ * input headers which pertain to the body which has already been read.
+ * out-of-line helper function for ap_set_sub_req_protocol.
*/
-static void clone_headers_no_body(request_rec *rnew,
- const request_rec *r)
+static void strip_headers_request_body(request_rec *rnew)
{
- rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
apr_table_unset(rnew->headers_in, "Content-Encoding");
apr_table_unset(rnew->headers_in, "Content-Language");
apr_table_unset(rnew->headers_in, "Content-Length");
rnew->status = HTTP_OK;
+ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
+
/* did the original request have a body? (e.g. POST w/SSI tags)
* if so, make sure the subrequest doesn't inherit body headers
*/
if (apr_table_get(r->headers_in, "Content-Length")
|| apr_table_get(r->headers_in, "Transfer-Encoding")) {
- clone_headers_no_body(rnew, r);
- } else {
- /* no body (common case). clone headers the cheap way */
- rnew->headers_in = r->headers_in;
+ strip_headers_request_body(rnew);
}
rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
rnew->headers_out = apr_table_make(rnew->pool, 5);
projects / thirdparty / apache / httpd.git / commitdiff
