- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
Changes with Apache 2.2.15
+ *) Ensure each subrequest has a shallow copy of headers_in so that the
+ parent request headers are not corrupted. Elimiates a problematic
+ optimization in the case of no request body. PR 48359
+ [Jake Scott, William Rowe, Ruediger Pluem]
+
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
A partial fix for the TLS renegotiation prefix injection attack by
rejecting any client-initiated renegotiations. Forcibly disable keepalive
RELEASE SHOWSTOPPERS:
+ * Ensure each subrequest has a shallow copy of headers_in so that the
+ parent request headers are not corrupted. Eliminates a problematic
+ optimization in the case of no request body. PR 48359
+ [Jake Scott, William Rowe, Ruediger Pluem]
+ Link to discussion thread;
+ https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
+ Applied to trunk;
+ http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?r1=901578&r2=901577
+ Ported to 2.2 (also attached to PR);
+ http://people.apache.org/~wrowe/protocol_headers_copy.patch
+ +1: wrowe
+ -1: niq: this risks breaking existing apps, as discussed in
+ comments on PR 48359.
+ [wrowe notes; incorrect and invalid objection, also as
+ identified in the comments. Legitimate API users are
+ presently broken by this memory scope flaw.]
+
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
sf: Couldn't the linux 2.4 bug be worked around by calling access
twice? Once with R_OK and once with X_OK.
- * Ensure each subrequest has a shallow copy of headers_in so that the
- parent request headers are not corrupted. Eliminates a problematic
- optimization in the case of no request body. PR 48359
- [Jake Scott, William Rowe, Ruediger Pluem]
- Link to discussion thread;
- https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
- Applied to trunk;
- http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?r1=901578&r2=901577
- Ported to 2.2 (also attached to PR);
- http://people.apache.org/~wrowe/protocol_headers_copy.patch
- +1: wrowe
- -1: niq: this risks breaking existing apps, as discussed in
- comments on PR 48359.
- [wrowe notes; incorrect and invalid objection, also as
- identified in the comments. Legitimate API users are
- presently broken by this memory scope flaw.]
-
* core: Support wildcards in both the directory and file components of
the path specified by the Include directive.
Trunk patch: http://svn.apache.org/viewvc?rev=909878&view=rev
return r;
}
-/* if a request with a body creates a subrequest, clone the original request's
- * input headers minus any headers pertaining to the body which has already
- * been read. out-of-line helper function for ap_set_sub_req_protocol.
+/* if a request with a body creates a subrequest, remove original request's
+ * input headers which pertain to the body which has already been read.
+ * out-of-line helper function for ap_set_sub_req_protocol.
*/
-static void clone_headers_no_body(request_rec *rnew,
- const request_rec *r)
+static void strip_headers_request_body(request_rec *rnew)
{
- rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
apr_table_unset(rnew->headers_in, "Content-Encoding");
apr_table_unset(rnew->headers_in, "Content-Language");
apr_table_unset(rnew->headers_in, "Content-Length");
rnew->status = HTTP_OK;
+ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
+
/* did the original request have a body? (e.g. POST w/SSI tags)
* if so, make sure the subrequest doesn't inherit body headers
*/
if (apr_table_get(r->headers_in, "Content-Length")
|| apr_table_get(r->headers_in, "Transfer-Encoding")) {
- clone_headers_no_body(rnew, r);
- } else {
- /* no body (common case). clone headers the cheap way */
- rnew->headers_in = r->headers_in;
+ strip_headers_request_body(rnew, r);
}
rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
rnew->headers_out = apr_table_make(rnew->pool, 5);
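Review bot: The new call `strip_headers_request_body(rnew, r);` passes two arguments, but the earlier protocol.c hunk declares the helper as `static void strip_headers_request_body(request_rec *rnew)`, so a C compiler should reject the call for having too many arguments. The helper no longer reads `r`, because the unconditional `rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);` added just above now does the copy, so the call should be `strip_headers_request_body(rnew);`. That unconditional copy is the substantive part of the fix, since it stops a subrequest's header edits from reaching the parent's table. It deserves a short comment at the assignment, for example `/* always copy: subrequest must never alias the parent's headers_in */`, so the removed "cheap" aliasing branch is not reintroduced later as an optimization. The caller (presumably ap_set_sub_req_protocol, going by the helper's comment) and the helper body both continue outside the visible hunks.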