httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r917875 - /httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c
Date Tue, 02 Mar 2010 04:46:14 GMT
Author: wrowe
Date: Tue Mar  2 04:46:13 2010
New Revision: 917875

URL: http://svn.apache.org/viewvc?rev=917875&view=rev
Log:
SECURITY: CVE-2010-0408 (cve.mitre.org)

mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after
request headers indicate a request body is incoming; this is not a case of
HTTP_INTERNAL_SERVER_ERROR.

Submitted by: Niku Toivola <niku.toivola sulake.com>

rpluem, jim, wrowe


Modified:
    httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c?rev=917875&r1=917874&r2=917875&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c Tue Mar  2 04:46:13 2010
@@ -257,7 +257,7 @@
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                          "proxy: ap_get_brigade failed");
             apr_brigade_destroy(input_brigade);
-            return HTTP_INTERNAL_SERVER_ERROR;
+            return HTTP_BAD_REQUEST;
         }
 
         /* have something */
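
Review bot: The changed `return HTTP_BAD_REQUEST;` applies to every `ap_get_brigade` failure on this path, and the `ap_log_error` call just above it passes `0` as the status at `APLOG_DEBUG`, so the cause of the failed read is neither distinguished nor recorded. Suggest capturing the `apr_status_t` returned by `ap_get_brigade` and passing it to the log call in place of `0`, so an operator can tell a client that never sent its body from other read failures. Since the commit log ties the choice of status code to a CVE, a short comment at the return explaining why this is a 400 and not a 500 would help keep a later cleanup from reverting it.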


