httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1005655 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS include/httpd.h modules/dav/main/util.c
Date Thu, 07 Oct 2010 22:24:15 GMT
Author: wrowe
Date: Thu Oct  7 22:24:15 2010
New Revision: 1005655

URL: http://svn.apache.org/viewvc?rev=1005655&view=rev
Log:
SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav: Fix Handling of requests without a path segment.
(mod_cache and mod_session portions don't apply to 2.0.x)

PR: 49246 
Backports: r966348
Submitted by: Mark Drayton, trawick
Reviewed by: wrowe, rjung

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/include/httpd.h
    httpd/httpd/branches/2.0.x/modules/dav/main/util.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=1005655&r1=1005654&r2=1005655&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Thu Oct  7 22:24:15 2010
@@ -1,6 +1,10 @@
-                                                         -*- coding: utf-8 -*-
+                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.0.64
 
+  *) SECURITY: CVE-2010-1452 (cve.mitre.org)
+     mod_dav: Fix Handling of requests without a path segment.
+     PR: 49246 [Mark Drayton, Jeff Trawick]
+
   *) SECURITY: CVE-2009-1891 (cve.mitre.org)
      Fix a potential Denial-of-Service attack against mod_deflate or other 
      modules, by forcing the server to consume CPU time in compressing a 

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1005655&r1=1005654&r2=1005655&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Thu Oct  7 22:24:15 2010
@@ -113,12 +113,6 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
-  * CVE-2010-1452 fix for mod_dav
-    Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=966348
-      (mod_cache and mod_session portions don't apply to 2.0.x)
-    2.0.x patch: http://archive.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2010-1452-patch-2.0.txt
-    +1: wrowe, trawick, rjung
-
   * Backport 354118: Fix recursive ErrorDocument handling [when r->status isn't
     HTTP_OK upon first pass through ap_die()]. PR #36090
     Trunk version of patch:

Modified: httpd/httpd/branches/2.0.x/include/httpd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/include/httpd.h?rev=1005655&r1=1005654&r2=1005655&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/include/httpd.h (original)
+++ httpd/httpd/branches/2.0.x/include/httpd.h Thu Oct  7 22:24:15 2010
@@ -866,7 +866,7 @@ struct request_rec {
 
     /** The URI without any parsing performed */
     char *unparsed_uri;	
-    /** The path portion of the URI */
+    /** The path portion of the URI, or "/" if no path provided */
     char *uri;
     /** The filename on disk corresponding to this response */
     char *filename;

Modified: httpd/httpd/branches/2.0.x/modules/dav/main/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/dav/main/util.c?rev=1005655&r1=1005654&r2=1005655&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/dav/main/util.c (original)
+++ httpd/httpd/branches/2.0.x/modules/dav/main/util.c Thu Oct  7 22:24:15 2010
@@ -624,7 +624,8 @@ static dav_error * dav_process_if_header
             
             /* 2518 specifies this must be an absolute URI; just take the
              * relative part for later comparison against r->uri */
-            if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS) {
+            if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS
+                || !parsed_uri.path) {
                 return dav_new_error(r->pool, HTTP_BAD_REQUEST,
                                      DAV_ERR_IF_TAGGED,
                                      "Invalid URI in tagged If-header.");



Mime
View raw message