Changes with Apache 2.0.48
+
+ *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
+ the AF_UNIX socket used to communicate with the cgid daemon and
+ the CGI script. [Jeff Trawick]
- *) SECURITY: CAN-2003-0542 (cve.mitre.org)
- Fix buffer overflows in mod_alias and mod_rewrite which occurred if
- one configured a regular expression with more than 9 captures.
- [André Malo]
+ *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
+ mod_rewrite which occurred if one configured a regular expression
+ with more than 9 captures. [André Malo]
*) mod_include: fix segfault which occured if the filename was not
set, for example, when processing some error conditions.
*) mod_rewrite: Don't die silently when failing to open RewriteLogs.
PR 23416. [André Malo]
+
+ *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
+ the AF_UNIX socket used to communicate with the cgid daemon and
+ the CGI script. [Jeff Trawick]
+
*) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
rewritten request using "proxy:". The code was adding multiple "proxy:"
fields in the rewritten URI. PR: 13946.
cleanup_script,
apr_pool_cleanup_null);
/* We are putting the socket discriptor into an apr_file_t so that we can
- * use a pipe bucket to send the data to the client.
- * Note that this does not register a cleanup for the socket. We did
- * that explicitly right after we created the socket.
+ * use a pipe bucket to send the data to the client. APR will create
+ * a cleanup for the apr_file_t which will close the socket, so we'll
+ * get rid of the cleanup we registered when we created the socket.
*/
- apr_os_pipe_put(&tempsock, &sd, r->pool);
+
+ apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
+ apr_pool_cleanup_kill(r->pool, (void *)sd, close_unix_socket);
if ((argv0 = strrchr(r->filename, '/')) != NULL)
argv0++;
return HTTP_MOVED_TEMPORARILY;
}
- /* Passing our socket down the filter chain in a pipe bucket
- * gives up the responsibility of closing the socket, so
- * get rid of the cleanup.
- */
- apr_pool_cleanup_kill(r->pool, (void *)sd, close_unix_socket);
-
ap_pass_brigade(r->output_filters, bb);
}
if (nph) {
struct ap_filter_t *cur;
- /* Passing our socket down the filter chain in a pipe bucket
- * gives up the responsibility of closing the socket, so
- * get rid of the cleanup.
- */
- apr_pool_cleanup_kill(r->pool, (void *)sd, close_unix_socket);
-
/* get rid of all filters up through protocol... since we
* haven't parsed off the headers, there is no way they can
* work
cleanup_script,
apr_pool_cleanup_null);
/* We are putting the socket discriptor into an apr_file_t so that we can
- * use a pipe bucket to send the data to the client.
- * Note that this does not register a cleanup for the socket. We did
- * that explicitly right after we created the socket.
- */
- apr_os_pipe_put(&tempsock, &sd, r->pool);
-
- /* Passing our socket down the filter chain in a pipe bucket
- * gives up the responsibility of closing the socket, so
- * get rid of the cleanup.
+ * use a pipe bucket to send the data to the client. APR will create
+ * a cleanup for the apr_file_t which will close the socket, so we'll
+ * get rid of the cleanup we registered when we created the socket.
*/
+ apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
apr_pool_cleanup_kill(r->pool, (void *)sd, close_unix_socket);
bcgi = apr_brigade_create(r->pool, r->connection->bucket_alloc);
projects / thirdparty / apache / httpd.git / commitdiff
