git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
SECURITY: CVE-2010-0408 (cve.mitre.org)
author: William A. Rowe Jr <wrowe@apache.org>
Tue, 2 Mar 2010 04:47:28 +0000 (04:47 +0000)
committer: William A. Rowe Jr <wrowe@apache.org>
Tue, 2 Mar 2010 04:47:28 +0000 (04:47 +0000)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after
request headers indicate a request body is incoming; this is not a case of
HTTP_INTERNAL_SERVER_ERROR.

Submitted by: Niku Toivola <niku.toivola sulake.com>
Reviewed by: rpluem, jim, wrowe
Backports: r917875

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@917876 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/proxy/mod_proxy_ajp.c

diff --git a/CHANGES b/CHANGES
index ac47bfe8a6751281d9653b20a10a85e2349cafa2..dbd1eb9bd50e7aeee33fe640e37babd4a4d8f138 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,11 @@ Changes with Apache 2.2.15
      access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
      [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
 
+  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
+     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
+     when request headers indicate a request body is incoming; not a case of
+     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]
+
   *) SECURITY: CVE-2010-0425 (cve.mitre.org)
      mod_isapi: Do not unload an isapi .dll module until the request
      processing is completed, avoiding orphaned callback pointers.
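Review bot: the CHANGES entry describes the condition as "the body is not sent", but the code path being changed is a failure return from ap_get_brigade while reading the request body, so the entry undersells what now yields a 400; consider wording it as "when reading the request body fails (e.g. the client does not send the body its headers announced)" so administrators can match a new 400 in their logs to this change. Minor: the entry says "not sent when request headers indicate" whereas the commit message says "not sent after request headers indicate"; pick one phrasing for both.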
index bec8912af73725cbbf69f3737a2f9a7de69da591..fa8c41f814a8833d382c1909d797f4dccde672db 100644 (file)
@@ -257,7 +257,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                          "proxy: ap_get_brigade failed");
             apr_brigade_destroy(input_brigade);
-            return HTTP_INTERNAL_SERVER_ERROR;
+            return HTTP_BAD_REQUEST;
         }
 
         /* have something */
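Review bot: every failure of ap_get_brigade on this path now becomes HTTP_BAD_REQUEST, yet the preceding ap_log_error call passes 0 as the status and logs only "proxy: ap_get_brigade failed" at APLOG_DEBUG, so the actual reason for the failure is never recorded and, at default log levels, nothing is recorded at all. Since the status code no longer distinguishes a client that stopped sending from a server-side problem, suggest logging the apr_status_t returned by ap_get_brigade in place of the literal 0 (and reconsidering the DEBUG level), so operators investigating a spike of 400s from this handler can tell the two cases apart from the error log alone.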