From: William A. Rowe Jr Date: Wed, 12 Dec 2007 19:45:15 +0000 (+0000) Subject: Hmmm. Once patched, silly that this would hang around :) X-Git-Tag: 2.0.62~51 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9c2993590f675fd3cf851e62b89913e98566ed5;p=thirdparty%2Fapache%2Fhttpd.git Hmmm. Once patched, silly that this would hang around :) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@603713 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f383f48231b..e4abefce18a 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,10 @@ Changes with Apache 2.0.62 mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT. [Joe Orton] + *) http_protocol: Escape request method in 413 error reporting. + Determined to be not generally exploitable, but a flaw in any case. + PR 44014 [Victor Stinner ] + Changes with Apache 2.0.61 *) SECURITY: CVE-2007-3847 (cve.mitre.org) diff --git a/STATUS b/STATUS index 09429b0b383..348e4ed0510 100644 --- a/STATUS +++ b/STATUS @@ -137,12 +137,7 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * SECURITY: mod_imagemap: fix XSS issue (CVE-2007-5000) - Trunk version of patch: - http://svn.apache.org/viewvc?rev=603282&view=rev - Backport version for 2.0.x of patch: - http://people.apache.org/~jorton/2.0.x-CVE-2007-5000.diff - +1: jorton, rpluem, trawick + PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index d773045c224..d521842b7b6 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -2200,7 +2200,7 @@ static const char *get_canned_error_string(int status, case HTTP_LENGTH_REQUIRED: s1 = apr_pstrcat(p, "

A request of the requested method ", - r->method, + ap_escape_html(r->pool, r->method), " requires a valid Content-length.
\n", NULL); return(add_optional_notes(r, s1, "error-notes", "

\n")); @@ -2247,7 +2247,7 @@ static const char *get_canned_error_string(int status, "The requested resource
", ap_escape_html(r->pool, r->uri), "
\n", "does not allow request data with ", - r->method, + ap_escape_html(r->pool, r->method), " requests, or the amount of data provided in\n" "the request exceeds the capacity limit.\n", NULL));
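Review bot: In the CHANGES hunk, the new entry limits the fix to "413 error reporting", but the first http_protocol.c hunk applies the same escaping under `case HTTP_LENGTH_REQUIRED:` (the 411 "requires a valid Content-length" message). Suggest rewording the entry so it covers both canned error strings, for example "Escape request method in 411 and 413 error reporting", so the changelog matches what the code change touches.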
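Review bot: In the STATUS hunk, the removal of the accepted mod_imagemap backport entry (CVE-2007-5000) is bundled with an unrelated code fix, and the log message "Once patched, silly that this would hang around :)" names neither http_protocol.c nor PR 44014. Suggest splitting the STATUS cleanup from the escaping fix, or at least mentioning the request-method escaping and the PR number in the log message so the change can be found from history. The hunk also adds a single empty `+` line where the entry was; check that it does not leave a doubled blank line before "PATCHES PROPOSED TO BACKPORT FROM TRUNK:".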
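Review bot: In the first http_protocol.c hunk (`case HTTP_LENGTH_REQUIRED:`), the escaped copy is allocated with `ap_escape_html(r->pool, r->method)` while the enclosing call is `apr_pstrcat(p, ...)`. The visible lines do not show how `p` relates to `r->pool`; if they are the same pool, passing `p` here would keep the allocation consistent within the statement, and if they differ, a short comment on the intended lifetime of the escaped string would help.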
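Review bot: In the second http_protocol.c hunk (the "does not allow request data with" message), `r->method` gets the same per-call-site wrapping as in the 411 case, next to the `ap_escape_html(r->pool, r->uri)` call that was already there. Since both fixes sit inside get_canned_error_string(), suggest checking the rest of that function for other request-derived fields concatenated into the response body without `ap_escape_html`, and adding a one-line comment that `r->method` is client-supplied so later edits to these messages keep the escaping.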