httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 48359] Buffer overflow related to setting RequestHeader
Date Thu, 04 Feb 2010 23:41:54 GMT

--- Comment #16 from Will Rowe <> 2010-02-04 15:41:47 UTC ---
Note finally, the API you claim exists, Nick, has been broken since;

Revision 158798 - (view) (download) (annotate) - [select for diffs]
Modified Wed Mar 23 16:36:45 2005 UTC (4 years, 10 months ago) by gregames
File length: 52751 byte(s)
Diff to previous 151408 (colored)

don't propagate input headers describing a body to a subrequest.  this can
cause a back end server to hang in a read for a body which no longer exists.

for all requests-with-bodies, which shipped as 2.1.5, although this change was
apparently never propagated to 2.0 (committed just before 2.0.54).

The proposed patch breaks the 'contract' of permitting the user to skip the
presumably mandatory step of walking r->main backwards to modify r->main only
for the remaining bodiless-requests.  For such requests, the existing code has
always allowed subrequest header_in changes to become invalid, which in the
case of non-prefork MPMs may later consist of another request's data (which
the administrator is free to then reflect with mod_headers).
