httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: svn commit: r790589 - /httpd/test/framework/trunk/t/security/CVE-2009-1890.t
Date Thu, 09 Jul 2009 13:24:50 GMT
 

> -----Original Message-----
> From: Dan Poirier 
> Sent: Donnerstag, 9. Juli 2009 15:10
> To: dev@httpd.apache.org
> Subject: Re: svn commit: r790589 - 
> /httpd/test/framework/trunk/t/security/CVE-2009-1890.t
> 
> jorton@apache.org writes:
> 
> > Author: jorton
> > Date: Thu Jul  2 13:42:12 2009
> > New Revision: 790589
> >
> > URL: http://svn.apache.org/viewvc?rev=790589&view=rev
> > Log:
> > - add test case for CVE-2009-1890
> >
> > Added:
> >     httpd/test/framework/trunk/t/security/CVE-2009-1890.t   
> (with props)
> 
> I've been looking at this test and I could use some help understanding
> it.  
> 
> The test doesn't seem to do what the vulnerability description talks
> about.  The vulnerability talks about sending additional data after
> sending Content-length bytes of request body, where this test sends a
> request body of the right length, just in two parts with a pause in
> between.

It adds a leading '0' to the content-length header causing the old code
to interpret the content-length as being an octal number.
Interpreting the content-length as octal results in a much lower content length
as if it was interpreted as a decimal number.

Regards

Rüdiger


Mime
View raw message