From: William A. Rowe Jr
Date: Tue, 9 Mar 2010 21:51:10 +0000 (+0000)
Subject: Add CVE-2010-0434 fix for consideration
X-Git-Tag: 2.0.64~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19055f36d6291080f032ab449c5f49a24d745a9e;p=thirdparty%2Fapache%2Fhttpd.git
Add CVE-2010-0434 fix for consideration
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921143 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/STATUS b/STATUS
index 339cd9959fd..84fc5a7c783 100644
--- a/STATUS
+++ b/STATUS
@@ -121,6 +121,11 @@ RELEASE SHOWSTOPPERS: memory usage. +1: trawick, wrowe + * Commit http://people.apache.org/~wrowe/CVE-2010-0434.patch + SECURITY: CVE-2010-0434 (cve.mitre.org) + note; simpler because we had not yet cleaned up input headers for subreq +1: wrowe + PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ]
diff --git a/server/protocol.c b/server/protocol.c
index 18dd9f3a804..1e624f3d8bc 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1022,7 +1022,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
 rnew->status = HTTP_OK;
- rnew->headers_in = r->headers_in;
+ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
 rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
 rnew->headers_out = apr_table_make(rnew->pool, 5);
 rnew->err_headers_out = apr_table_make(rnew->pool, 5);
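Review bot: The new `rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);` line in server/protocol.c has no comment saying why the table is copied rather than aliased, so a later cleanup could revert it as an optimisation. I would add `/* Copy, never alias: a subrequest that edits headers_in must not change the parent request's table (CVE-2010-0434). */` above it. The copy is shallow: apr_table_copy duplicates the entry array, while the keys and values still point at the parent's strings. That is safe only while `rnew->pool` does not outlive the pool those strings were allocated from; the pool relationship is set up outside this hunk and is worth confirming. ap_set_sub_req_protocol starts and ends outside the hunk, so any other fields still shared with the parent request are not visible here.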