
*) SECURITY: CVE-2015-0253 (cve.mitre.org)

     core: Fix a crash with ErrorDocument 400 pointing
     to a local URL-path with the INCLUDES filter active, introduced
     in 2.4.11. PR 57531. [Yann Ylavic]


Submitted By: ylavic
Committed By: covener





git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1664205 13f79535-47bb-0310-9956-ffa450edef68
covener committed Mar 5, 2015
1 parent 1fd42eb commit 6a974059190b8a0c7e499f4ab12fe108127099cb
Showing with 7 additions and 2 deletions.
  1. +5 −0 CHANGES
  2. +2 −2 server/protocol.c
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) SECURITY: CVE-2015-0253 (cve.mitre.org)
+ core: Fix a crash introduced in with ErrorDocument 400 pointing
+ to a local URL-path with the INCLUDES filter active, introduced
+ in 2.4.11. PR 57531. [Yann Ylavic]
+
*) core: If explicitly configured, use the KeepaliveTimeout value of the
virtual host which handled the latest request on the connection, or by
default the one of the first virtual host bound to the same IP:port.
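Review bot: The new CHANGES entry reads "Fix a crash introduced in with ErrorDocument 400", where "introduced in" is a leftover fragment duplicating the "introduced in 2.4.11" clause at the end of the sentence. Suggest "Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11." so the security entry is unambiguous for readers matching it against CVE-2015-0253 and PR 57531.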
@@ -606,15 +606,15 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
*/
if (APR_STATUS_IS_ENOSPC(rv)) {
r->status = HTTP_REQUEST_URI_TOO_LARGE;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
}
else if (APR_STATUS_IS_TIMEUP(rv)) {
r->status = HTTP_REQUEST_TIME_OUT;
}
else if (APR_STATUS_IS_EINVAL(rv)) {
r->status = HTTP_BAD_REQUEST;
}
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
return 0;
}
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
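Review bot: The two assignments moved below the if/else-if chain in read_request_line() have no comment saying why r->proto_num and r->protocol must be set on every early return, which makes them easy to move back into a single branch later. Before this change only the APR_STATUS_IS_ENOSPC branch set them, so the TIMEUP and EINVAL branches returned without this block giving the request a protocol; now they also run for any other rv value that matches none of the three branches, where this block sets no r->status at all. Suggest a short comment above `r->proto_num = HTTP_VERSION(1,0);` stating that error-response processing (the ErrorDocument 400 plus INCLUDES case from the commit message) relies on these fields being populated, and confirming that the fall-through case is intended. A regression test for the PR 57531 configuration would also be worth adding alongside this fix.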
