Commit 6a97405

*) SECURITY: CVE-2015-0253 (cve.mitre.org)
core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531. [Yann Ylavic]

Submitted By: ylavic
Committed By: covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1664205 13f79535-47bb-0310-9956-ffa450edef68
1 parent 1fd42eb commit 6a97405

2 files changed

+7
-2
lines changed


Diff for: CHANGES

+5
@@ -1,6 +1,11 @@
11
-*- coding: utf-8 -*-
22
Changes with Apache 2.5.0
33

4+
*) SECURITY: CVE-2015-0253 (cve.mitre.org)
5+
core: Fix a crash introduced in with ErrorDocument 400 pointing
6+
to a local URL-path with the INCLUDES filter active, introduced
7+
in 2.4.11. PR 57531. [Yann Ylavic]
8+
49
*) core: If explicitly configured, use the KeepaliveTimeout value of the
510
virtual host which handled the latest request on the connection, or by
611
default the one of the first virtual host bound to the same IP:port.
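Review bot: The first line of the new CHANGES entry reads "Fix a crash introduced in with ErrorDocument 400", where "introduced in" is a leftover fragment that duplicates the "introduced in 2.4.11" at the end of the sentence; dropping the first occurrence gives "Fix a crash with ErrorDocument 400 pointing to a local URL-path ...". The entry is added under "Changes with Apache 2.5.0" while naming 2.4.11 as the release that introduced the crash, so confirm the same entry is carried into the 2.4.x CHANGES when this is backported.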

Diff for: server/protocol.c

+2-2
@@ -606,15 +606,15 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
606606
*/
607607
if (APR_STATUS_IS_ENOSPC(rv)) {
608608
r->status = HTTP_REQUEST_URI_TOO_LARGE;
609-
r->proto_num = HTTP_VERSION(1,0);
610-
r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
611609
}
612610
else if (APR_STATUS_IS_TIMEUP(rv)) {
613611
r->status = HTTP_REQUEST_TIME_OUT;
614612
}
615613
else if (APR_STATUS_IS_EINVAL(rv)) {
616614
r->status = HTTP_BAD_REQUEST;
617615
}
616+
r->proto_num = HTTP_VERSION(1,0);
617+
r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
618618
return 0;
619619
}
620620
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
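Review bot: The two assignments moved below the if/else chain (new lines 616-617) have no comment saying why r->proto_num and r->protocol must be set on every failure return, and the link to the ErrorDocument 400 crash exists only in the commit message. A short comment above them, noting that later error handling expects r->protocol to be set for the HTTP_BAD_REQUEST and HTTP_REQUEST_TIME_OUT cases as well as HTTP_REQUEST_URI_TOO_LARGE, would keep a future cleanup from moving them back into the ENOSPC branch. The chain also has no final else, so when rv matches none of the three tests the protocol is now forced to HTTP/1.0 while r->status is left as it was; please confirm that is intended. The commit touches only CHANGES and server/protocol.c, so a regression test for the malformed request line case is still missing.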
