httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: [PATCH] ap_pregsub_ex and somewhat-limited ap_pregsub() to 2.2.x branch
Date Fri, 21 Jun 2013 18:43:53 GMT
On Fri, 21 Jun 2013 13:19:36 -0400
Jeff Trawick <> wrote:

> Even with the CVE-2011-3607 it is still possible to DOS the server by
> consuming huge amounts of memory with mod_setenvif using a specially
> crafted configuration.
> Here's a backport of an existing fix in 2.4.x which resolves the
> issue I reproduced.  Note that unlike in 2.4.x we need ap_pregsub to
> handle somewhat arbitrary string lengths.  I picked 64MB, which can
> be overridden at compile time.
> This is essentially a grab of ap_pregsub/ap_pregsub_ex from 2.4.x
> HEAD with the minimal required changes plus
> See the XXX notes in the patch for apparent semantic changes which I
> probably need to back out.  (I haven't researched that yet.)
> Normally we use STATUS to track this but I don't think it is as
> polished as we normally expect.  Still to do (tomorrow?): Investigate
> the XXX's, run the regression suite.
> Concerns with the patch?
> Interested in any of this in the final 2.0.x release?

I am happy to hold up a short while to adopt this patch.  I'm neutral
on adding it to 2.0.x but will certainly pause for it to be committed
if others agree and will review the 2.0.x backport.

View raw message