From: Jim Jagielski <jim@apache.org>
Date: Sat, 8 Dec 2007 14:08:32 +0000 (+0000)
Subject: Merge r600645 from trunk:
X-Git-Tag: 2.2.7~140
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba019f4ad3f79e4411043909c70a437a4c89e643;p=thirdparty%2Fapache%2Fhttpd.git

Merge r600645 from trunk:

http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.

PR: 44014
Submitted by: Victor Stinner <victor.stinner inl.fr>



Submitted by: wrowe
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@602473 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index f8f4b8ba18c..577efad71a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.7
 
+  *) http_protocol: Escape request method in 413 error reporting.
+     Determined to be not generally exploitable, but a flaw in any case.
+     PR 44014 [Victor Stinner <victor.stinner inl.fr>]
+
   *) mod_filter: Don't segfault on (unsupported) chained FilterProvider usage.
      PR 43956 [Nick Kew, Ruediger Pluem]
 
diff --git a/STATUS b/STATUS
index 7a9d22a32b3..7dfae75e5bf 100644
--- a/STATUS
+++ b/STATUS
@@ -79,11 +79,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * http_protocol: Escape request method in 413 error reporting.
-    Determined to be not generally exploitable, but a flaw in any case.
-    PR 44014 [Victor Stinner <victor.stinner inl.fr>]
-       http://svn.apache.org/viewvc?view=rev&rev=600645
-    +1: wrowe, rpluem, jim
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index 3d123c9e733..71d1e9d1a63 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -931,7 +931,7 @@ static const char *get_canned_error_string(int status,
     case HTTP_LENGTH_REQUIRED:
         s1 = apr_pstrcat(p,
                          "<p>A request of the requested method ",
-                         r->method,
+                         ap_escape_html(r->pool, r->method),
                          " requires a valid Content-length.<br />\n",
                          NULL);
         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
@@ -978,7 +978,7 @@ static const char *get_canned_error_string(int status,
                            "The requested resource<br />",
                            ap_escape_html(r->pool, r->uri), "<br />\n",
                            "does not allow request data with ",
-                           r->method,
+                           ap_escape_html(r->pool, r->method),
                            " requests, or the amount of data provided in\n"
                            "the request exceeds the capacity limit.\n",
                            NULL));