Changes with Apache 2.0.55
+ *) proxy HTTP: If a response contains both Transfer-Encoding and a
+ Content-Length, remove the Content-Length and don't reuse the
+ connection, mitigating some HTTP Response Splitting attacks.
+ [Jeff Trawick]
+
*) Prevent hangs of child processes when writing to piped loggers at
the time of graceful restart. PR 26467. [Jeff Trawick]
* Various fixes to T-E and C-L processing from trunk
- + proxy HTTP - ignore C-L and disable keepalive to origin server
- http://people.apache.org/~trawick/20.te-cl.txt
- +1: trawick, jorton
-
+ core: strip C-L from any request with a T-E header
http://people.apache.org/~jorton/ap_tevscl.diff
(CVE CAN-2005-2088)
return r->status;
} else {
- /* strip connection listed hop-by-hop headers from response */
const char *buf;
+
+ /* can't have both Content-Length and Transfer-Encoding */
+ if (apr_table_get(r->headers_out, "Transfer-Encoding")
+ && apr_table_get(r->headers_out, "Content-Length")) {
+ /* 2616 section 4.4, point 3: "if both Transfer-Encoding
+ * and Content-Length are received, the latter MUST be
+ * ignored"; so unset it here to prevent any confusion
+ * later. */
+ apr_table_unset(r->headers_out, "Content-Length");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
+ r->server,
+ "proxy: server %s returned Transfer-Encoding and Content-Length",
+ p_conn->name);
+ p_conn->close += 1;
+ }
+
+ /* strip connection listed hop-by-hop headers from response */
p_conn->close += ap_proxy_liststr(apr_table_get(r->headers_out,
"Connection"),
"close");
projects / thirdparty / apache / httpd.git / commitdiff
