httpd-cvs mailing list archives

From yla...@apache.org
Subject svn commit: r1640034 - in /httpd/httpd/trunk: CHANGES docs/log-message-tags/next-number modules/aaa/mod_authnz_fcgi.c modules/proxy/mod_proxy_fcgi.c
Date Sun, 16 Nov 2014 21:52:40 GMT
Author: ylavic
Date: Sun Nov 16 21:52:40 2014
New Revision: 1640034

URL: http://svn.apache.org/r1640034
Log:
Revert r1638818, r1639812, r1639717 and r1639814 for new staging.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/log-message-tags/next-number
    httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
    httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1640034&r1=1640033&r2=1640034&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Nov 16 21:52:40 2014
@@ -1,13 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
   
-  *) SECURITY: CVE-2014-3583 (cve.mitre.org)
-     mod_proxy_fcgi: Fix a potential crash with response headers' size above 8K.
-     [Teguh <chain rop.io>, Yann Ylavic]
-
-  *) mod_authnz_fcgi: Fix a potential crash with response headers' size above 8K.
-     [Yann Ylavic]
-
   *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since 
      r1608202. [Eric Covener]
  

Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1640034&r1=1640033&r2=1640034&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Sun Nov 16 21:52:40 2014
@@ -1 +1 @@
-2822
+2821

Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c?rev=1640034&r1=1640033&r2=1640034&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c Sun Nov 16 21:52:40 2014
@@ -406,12 +406,13 @@ enum {
  *
  * Returns 0 if it can't find the end of the headers, and 1 if it found the
  * end of the headers. */
-static int handle_headers(request_rec *r, int *state,
-                          char *readbuf, apr_size_t readlen)
+static int handle_headers(request_rec *r,
+                          int *state,
+                          char *readbuf)
 {
     const char *itr = readbuf;
 
-    while (readlen) {
+    while (*itr) {
         if (*itr == '\r') {
             switch (*state) {
                 case HDR_STATE_GOT_CRLF:
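Review bot: The loop in handle_headers now stops only on a NUL byte (`while (*itr)`), so the scan is bounded by the buffer's contents rather than by the number of bytes received; the CHANGES entry this commit removes describes a crash with response headers above 8K, which suggests the terminator is not always there when the backend fills the buffer. Until the re-staged fix lands, the precondition should at least be stated above the function, e.g. `/* readbuf must be NUL-terminated by the caller; no length is checked here. */`, and the call in handle_response (`handle_headers(r, &header_state, readbuf)`) should be checked for writing that terminator inside the buffer. The same loop and call pattern come back in mod_proxy_fcgi.c (handle_headers and the call after `recv_again:`). The function body continues outside this hunk.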
@@ -449,7 +450,6 @@ static int handle_headers(request_rec *r
         if (*state == HDR_STATE_DONE_WITH_HEADERS)
             break;
 
-        --readlen;
         ++itr;
     }
 
@@ -555,17 +555,7 @@ static apr_status_t handle_response(cons
                 APR_BRIGADE_INSERT_TAIL(ob, b);
 
                 if (!seen_end_of_headers) {
-                    int st = handle_headers(r, &header_state, readbuf,
-                                            readbuflen);
-
-                    if (st == -1) {
-                        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                      APLOGNO(02821) "%s: error reading "
-                                      "headers from %s",
-                                      fn, conf->backend);
-                        rv = APR_EINVAL;
-                        break;
-                    }
+                    int st = handle_headers(r, &header_state, readbuf);
 
                     if (st == 1) {
                         int status;
@@ -656,7 +646,7 @@ static apr_status_t handle_response(cons
         /*
          * Read/discard any trailing padding.
          */
-        if (rv == APR_SUCCESS && plen) {
+        if (plen) {
             rv = recv_data_full(conf, r, s, readbuf, plen);
             if (rv != APR_SUCCESS) {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
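Review bot: With the `rv == APR_SUCCESS` test gone from `if (plen)`, the assignment `rv = recv_data_full(conf, r, s, readbuf, plen);` replaces whatever status the record handling above left in rv, so an earlier failure in the same iteration would be lost if the padding read succeeds. Whether any path still reaches this point with a failed rv is not visible in the hunk; if one does, keeping the guard as `if (rv == APR_SUCCESS && plen) {` preserves the first error. handle_response starts and ends outside the hunk.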

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?rev=1640034&r1=1640033&r2=1640034&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c Sun Nov 16 21:52:40 2014
@@ -18,8 +18,6 @@
 #include "util_fcgi.h"
 #include "util_script.h"
 
-#include "apr_lib.h" /* for apr_iscntrl() */
-
 module AP_MODULE_DECLARE_DATA proxy_fcgi_module;
 
 /*
@@ -312,12 +310,13 @@ enum {
  *
  * Returns 0 if it can't find the end of the headers, and 1 if it found the
  * end of the headers. */
-static int handle_headers(request_rec *r, int *state,
-                          const char *readbuf, apr_size_t readlen)
+static int handle_headers(request_rec *r,
+                          int *state,
+                          char *readbuf)
 {
     const char *itr = readbuf;
 
-    while (readlen) {
+    while (*itr) {
         if (*itr == '\r') {
             switch (*state) {
                 case HDR_STATE_GOT_CRLF:
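Review bot: The `readbuf` parameter loses its `const` qualifier here although the only visible use is `const char *itr = readbuf;`, so the signature advertises write access that the shown code does not need. Declaring it `const char *readbuf` would keep callers from assuming the I/O buffer may be modified during header scanning. The rest of the body is outside the hunk, so confirm nothing later writes through readbuf before changing it.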
@@ -355,7 +354,6 @@ static int handle_headers(request_rec *r
         if (*state == HDR_STATE_DONE_WITH_HEADERS)
             break;
 
-        --readlen;
         ++itr;
     }
 
@@ -565,14 +563,7 @@ recv_again:
                     APR_BRIGADE_INSERT_TAIL(ob, b);
 
                     if (! seen_end_of_headers) {
-                        int st = handle_headers(r, &header_state, iobuf,
-                                                readbuflen);
-
-                        if (st == -1) {
-                            *err = "parsing response headers";
-                            rv = APR_EINVAL;
-                            break;
-                        }
+                        int st = handle_headers(r, &header_state, iobuf);
 
                         if (st == 1) {
                             int status;
@@ -693,11 +684,6 @@ recv_again:
                 break;
             }
 
-            if (*err) {
-                /* stop on error in the above switch */
-                break;
-            }
-
             if (plen) {
                 rv = get_data_full(conn, iobuf, plen);
                 if (rv != APR_SUCCESS) {


