httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r290517 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_http.c
Date Tue, 20 Sep 2005 18:34:36 GMT
Author: wrowe
Date: Tue Sep 20 11:34:33 2005
New Revision: 290517

URL: http://svn.apache.org/viewcvs?rev=290517&view=rev
Log:

  Backport trunk changes as recorded in branches/proxy-reqbody-2.0.x,
  refactoring http_proxy.c request body handling.  This correction
  satisfies the vetoed issues in the originally backported proxy
  request body handling from trunk/ in 171205.

Reviewed by: jim, minfrin

Added:
    httpd/httpd/branches/2.0.x/modules/proxy/proxy_http.c
      - copied unchanged from r290514, httpd/httpd/branches/proxy-reqbody-2.0.x/modules/proxy/proxy_http.c
Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=290517&r1=290516&r2=290517&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Sep 20 11:34:33 2005
@@ -1,6 +1,13 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.55
 
+  *) SECURITY: CAN-2005-2088 (cve.mitre.org)
+     proxy: Correctly handle the Transfer-Encoding and Content-Length
+     headers.  Discard the request Content-Length whenever T-E: chunked
+     is used, always passing one of either C-L or T-E: chunked whenever 
+     the request includes a request body.  Resolves an entire class of
+     proxy HTTP Request Splitting/Spoofing attacks.  [William Rowe]
+
   *) Added TraceEnable [on|off|extended] per-server directive to alter
      the behavior of the TRACE method.  This addresses a flaw in proxy
      conformance to RFC 2616 - previously the proxy server would accept
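
Review bot: The added CHANGES entry says "always passing one of either C-L or T-E: chunked", which does not tell the reader which header the proxy forwards when a client sends both. The preceding sentence already says Content-Length is discarded when T-E: chunked is used, so wording along the lines of "forwarding exactly one of C-L or T-E: chunked" would remove the ambiguity. The same added line ("is used, always passing ... whenever ") ends in trailing whitespace, and the entry does not name the file touched (proxy_http.c per the commit subject), which would help anyone searching CHANGES for the CAN-2005-2088 fix.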

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=290517&r1=290516&r2=290517&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Tue Sep 20 11:34:33 2005
@@ -104,29 +104,6 @@
 
 RELEASE SHOWSTOPPERS:
 
-    * Copy the backport branch of all of the mod_proxy_http.c's request body 
-      handling security, protocol and bug fixes; by svn copy'ing the file
-      httpd/httpd/branches/proxy-reqbody-2.0.x/modules/proxy/proxy_http.c back to
-      httpd/branches/2.0.x/... preserving the detail of all of the individually
-      backported changes.
-
-       +1: wrowe, jim, minfrin
-       -1:
-
-      For a complete history of individual unit changes, see r230703 - r230744 in
-      http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/proxy-reqbody-2.0.x/
-      [...]  modules/proxy/proxy_http.c?&view=log
-      Cite the specific patch with justification for each specific objection.
-
-      Suggested; revert r219061 to thoroughly test this patch, as r219061 masks 
-      some underlying bugs (although it is a -good- patch in and of itself and
-      provides additional protection to other content-handling modules).      
-
-    * TRACE must not have a request body per RFC2616; see the -trace.patch
-      below for one of two alternatives.  The other alternative; simply
-      hack mod_proxy.c to reject TRACE when a body is seen, again see that
-      -trace.patch for an illustration.
-
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
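
Review bot: The second removed RELEASE SHOWSTOPPERS item ("TRACE must not have a request body per RFC2616") is dropped here, but the log message only describes the proxy request body backport. If the TRACE item was closed by the TraceEnable change that appears as context in the CHANGES hunk, say so in the log, or remove it in its own commit so the STATUS history shows why it stopped being a showstopper. The first removed item also carried the suggestion to revert r219061 while testing because it "masks some underlying bugs"; it would be worth recording somewhere whether the backport was tested that way before that note disappears from STATUS.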


