mod_dav: Fix Handling of requests without a path segment.
(mod_cache and mod_session portions don't apply to 2.0.x)
PR: 49246
Backports: r966348
Submitted by: Mark Drayton, trawick
Reviewed by: wrowe, rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@
1005655 13f79535-47bb-0310-9956-
ffa450edef68
- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
Changes with Apache 2.0.64
+ *) SECURITY: CVE-2010-1452 (cve.mitre.org)
+ mod_dav: Fix Handling of requests without a path segment.
+ PR: 49246 [Mark Drayton, Jeff Trawick]
+
*) SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
RELEASE SHOWSTOPPERS:
- * CVE-2010-1452 fix for mod_dav
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=966348
- (mod_cache and mod_session portions don't apply to 2.0.x)
- 2.0.x patch: http://archive.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2010-1452-patch-2.0.txt
- +1: wrowe, trawick, rjung
-
* Backport 354118: Fix recursive ErrorDocument handling [when r->status isn't
HTTP_OK upon first pass through ap_die()]. PR #36090
Trunk version of patch:
/** The URI without any parsing performed */
char *unparsed_uri;
- /** The path portion of the URI */
+ /** The path portion of the URI, or "/" if no path provided */
char *uri;
/** The filename on disk corresponding to this response */
char *filename;
/* 2518 specifies this must be an absolute URI; just take the
* relative part for later comparison against r->uri */
- if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS) {
+ if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS
+ || !parsed_uri.path) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_TAGGED,
"Invalid URI in tagged If-header.");
projects / thirdparty / apache / httpd.git / commitdiff
