From: Jeff Trawick Date: Thu, 11 Mar 2010 15:57:26 +0000 (+0000) Subject: merge from trunk and 2.2.x: X-Git-Tag: 2.0.64~60 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b68031296328fd1d0ee402d9e97a7580eaa07d3;p=thirdparty%2Fapache%2Fhttpd.git merge from trunk and 2.2.x: SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. PR: 48359 Submitted by: Jake Scott, William Rowe, Ruediger Pluem Reviewed by: wrowe, trawick, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@921910 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 25ba0d81d6c..9b33b1ffb41 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,12 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.64 + *) SECURITY: CVE-2010-0434 (cve.mitre.org) + Ensure each subrequest has a shallow copy of headers_in so that the + parent request headers are not corrupted. Elimiates a problematic + optimization in the case of no request body. PR 48359 + [Jake Scott, William Rowe, Ruediger Pluem] + *) SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high diff --git a/STATUS b/STATUS index fc12932d1b4..d83e0dbec8c 100644 --- a/STATUS +++ b/STATUS @@ -114,11 +114,6 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: - * Commit http://people.apache.org/~wrowe/CVE-2010-0434.patch - SECURITY: CVE-2010-0434 (cve.mitre.org) - note; simpler because we had not yet cleaned up input headers for subreq - +1: wrowe, trawick, rpluem - trawick: remember to post to apply_to_2.0.63 when approved PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] diff --git a/server/protocol.c b/server/protocol.c index 18dd9f3a804..1e624f3d8bc 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -1022,7 +1022,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, rnew->status = HTTP_OK; - rnew->headers_in = r->headers_in; + rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); rnew->headers_out = apr_table_make(rnew->pool, 5); rnew->err_headers_out = apr_table_make(rnew->pool, 5);