From d2195ad449a17f3c73b1aeef4e4e2f5cd6cdee59 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Thu, 5 Jan 2017 01:34:27 +0000 Subject: [PATCH] Merge r1542549 from 2.4.x: Potential rejection of valid MaxMemFree and ThreadStackSize directives trunk patch: https://svn.apache.org/r1542338 Submitted by: Mike Rumph Reviewed by: trawick, covener, sf git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777401 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ server/mpm_common.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index 3f81842f044..42ee828033e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes with Apache 2.2.32 *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. [Dominic Scheirlinck , Yann Ylavic] + *) Fix potential rejection of valid MaxMemFree and ThreadStackSize + directives. [Mike Rumph ] + *) core: Limit to ten the number of tolerated empty lines between request. [Yann Ylavic] diff --git a/server/mpm_common.c b/server/mpm_common.c index ecb0947d8e6..e02656560f2 100644 --- a/server/mpm_common.c +++ b/server/mpm_common.c @@ -1133,6 +1133,7 @@ const char *ap_mpm_set_max_mem_free(cmd_parms *cmd, void *dummy, return err; } + errno = 0; value = strtol(arg, NULL, 0); if (value < 0 || errno == ERANGE) return apr_pstrcat(cmd->pool, "Invalid MaxMemFree value: ", @@ -1157,6 +1158,7 @@ const char *ap_mpm_set_thread_stacksize(cmd_parms *cmd, void *dummy, return err; } + errno = 0; value = strtol(arg, NULL, 0); if (value < 0 || errno == ERANGE) return apr_pstrcat(cmd->pool, "Invalid ThreadStackSize value: ", -- 2.47.2