Merge r1542549 from 2.4.x:

author Eric Covener <covener@apache.org>

Thu, 5 Jan 2017 01:34:27 +0000 (01:34 +0000)

committer Eric Covener <covener@apache.org>

Thu, 5 Jan 2017 01:34:27 +0000 (01:34 +0000)
author Eric Covener <covener@apache.org>
Thu, 5 Jan 2017 01:34:27 +0000 (01:34 +0000)
committer Eric Covener <covener@apache.org>
Thu, 5 Jan 2017 01:34:27 +0000 (01:34 +0000)
diff --git a/CHANGES b/CHANGES

index 3f81842f044f5ddf8c548d717a5b4da9f0312758..42ee828033ed0ca3889a3db1dbd31a0cc4485774 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@ Changes with Apache 2.2.32
    *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
       [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
  
+  *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
+     directives.  [Mike Rumph <mike.rumph oracle.com>]
+
    *) core: Limit to ten the number of tolerated empty lines between request.
       [Yann Ylavic]
  
diff --git a/server/mpm_common.c b/server/mpm_common.c

index ecb0947d8e6ffce8a80173390d6a5cfad2a11843..e02656560f2c177c32143d6ce635874683d36c6a 100644 (file)
--- a/server/mpm_common.c
+++ b/server/mpm_common.c
@@ -1133,6 +1133,7 @@ const char *ap_mpm_set_max_mem_free(cmd_parms *cmd, void *dummy,
          return err;
      }
  
+    errno = 0;
      value = strtol(arg, NULL, 0);
      if (value < 0 || errno == ERANGE)
          return apr_pstrcat(cmd->pool, "Invalid MaxMemFree value: ",
@@ -1157,6 +1158,7 @@ const char *ap_mpm_set_thread_stacksize(cmd_parms *cmd, void *dummy,
          return err;
      }
  
+    errno = 0;
      value = strtol(arg, NULL, 0);
      if (value < 0 || errno == ERANGE)
          return apr_pstrcat(cmd->pool, "Invalid ThreadStackSize value: ",
author	Eric Covener <covener@apache.org>
	Thu, 5 Jan 2017 01:34:27 +0000 (01:34 +0000)
committer	Eric Covener <covener@apache.org>
	Thu, 5 Jan 2017 01:34:27 +0000 (01:34 +0000)
CHANGES		patch \| blob \| blame \| history
server/mpm_common.c		patch \| blob \| blame \| history