http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR: 44014
Submitted by: Victor Stinner <victor.stinner inl.fr>
Submitted by: wrowe
Reviewed by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@602473 13f79535-47bb-0310-9956-ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.2.7
+ *) http_protocol: Escape request method in 413 error reporting.
+ Determined to be not generally exploitable, but a flaw in any case.
+ PR 44014 [Victor Stinner <victor.stinner inl.fr>]
+
*) mod_filter: Don't segfault on (unsupported) chained FilterProvider usage.
PR 43956 [Nick Kew, Ruediger Pluem]
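Review bot: the new CHANGES entry names only 413 error reporting, but the code change in this same commit also escapes r->method in the HTTP_LENGTH_REQUIRED case, which is the 411 response body. Suggest wording the entry as "Escape request method in 411 and 413 error reporting" so that readers of the changelog can tell both error pages were affected. The entry also never says what kind of flaw this was; adding that the method was written unescaped into the HTML error body would make "not generally exploitable" easier to assess.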
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * http_protocol: Escape request method in 413 error reporting.
- Determined to be not generally exploitable, but a flaw in any case.
- PR 44014 [Victor Stinner <victor.stinner inl.fr>]
- http://svn.apache.org/viewvc?view=rev&rev=600645
- +1: wrowe, rpluem, jim
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
case HTTP_LENGTH_REQUIRED:
s1 = apr_pstrcat(p,
"<p>A request of the requested method ",
- r->method,
+ ap_escape_html(r->pool, r->method),
" requires a valid Content-length.<br />\n",
NULL);
return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
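Review bot: the escaped copy at the r->method argument is allocated from r->pool while the enclosing apr_pstrcat call allocates from p. If p is the request pool at this point, pass p to ap_escape_html so the statement uses one pool name throughout; if p is a different pool, a one-line comment on why the escaped string can live in r->pool while s1 lives in p would save the next reader from checking lifetimes.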
"The requested resource<br />",
ap_escape_html(r->pool, r->uri), "<br />\n",
"does not allow request data with ",
- r->method,
+ ap_escape_html(r->pool, r->method),
" requests, or the amount of data provided in\n"
"the request exceeds the capacity limit.\n",
NULL));
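Review bot: the r->method argument here now gets the same ap_escape_html(r->pool, ...) treatment that r->uri already had two lines above, which shows the escaping in this function is applied call by call rather than in one place. Since this patch had to fix the same omission in two separate message bodies, check the remaining cases that build HTML from r->method or other client-supplied fields before closing the PR, and consider escaping the method once into a local variable near the top so later additions cannot reintroduce the raw value.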