httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject [PATCH] ap_pregsub_ex and somewhat-limited ap_pregsub() to 2.2.x branch
Date Fri, 21 Jun 2013 17:19:36 GMT

Even with the CVE-2011-3607 it is still possible to DoS the server by
consuming huge amounts of memory with mod_setenvif using a specially
crafted configuration.

Here's a backport of an existing fix in 2.4.x which resolves the issue I
reproduced.  Note that unlike in 2.4.x we need ap_pregsub to handle
somewhat arbitrary string lengths.  I picked 64MB, which can be overridden
at compile time.

http://people.apache.org/~trawick/ap_pregsub_ex_22x.txt

This is essentially a grab of ap_pregsub/ap_pregsub_ex from 2.4.x HEAD with
the minimal required changes plus
http://svn.apache.org/viewvc?view=revision&revision=1198966

See the XXX notes in the patch for apparent semantic changes which I
probably need to back out.  (I haven't researched that yet.)

Normally we use STATUS to track this but I don't think it is as polished as
we normally expect.  Still to do (tomorrow?): Investigate the XXX's, run
the regression suite.

Concerns with the patch?

Interested in any of this in the final 2.0.x release?

TIA!
-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
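
The length cap discussed in the message above, as an added example that is not part of the original post or of the httpd patch: a stand-alone C routine using POSIX `regex.h` that expands `$0`..`$9` backreferences and refuses any result longer than a caller-supplied maximum, measuring before it allocates. The names `expand`, `bounded_sub` and `SUB_MAX_DEFAULT` are hypothetical; only the 64MB figure comes from the message.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not httpd code; all names are hypothetical. expand() returns
 * the expanded length or (size_t)-1 if it would exceed maxlen; out == NULL measures. */
#define SUB_MAX_DEFAULT ((size_t)64 * 1024 * 1024)  /* 64MB, as in the message */

static size_t expand(const char *t, const char *src, size_t nmatch,
                     const regmatch_t *pm, size_t maxlen, char *out)
{
    size_t len = 0;
    for (; *t; t++) {
        const char *from = t;          /* default: copy one literal byte */
        size_t add = 1;
        if (*t == '$' && t[1] >= '0' && t[1] <= '9') {
            size_t n = (size_t)(*++t - '0');
            int set = n < nmatch && pm[n].rm_so >= 0;   /* unset group -> empty */
            from = set ? src + pm[n].rm_so : src;
            add = set ? (size_t)(pm[n].rm_eo - pm[n].rm_so) : 0;
        } else if (*t == '\\' && t[1]) {
            from = ++t;                /* "\$" yields a literal "$" */
        }
        if (add > maxlen - len) return (size_t)-1;  /* cap check, no overflow */
        if (out) memcpy(out + len, from, add);
        len += add;
    }
    if (out) out[len] = '\0';
    return len;
}

char *bounded_sub(const char *tmpl, const char *src, size_t nmatch,
                  const regmatch_t *pm, size_t maxlen)
{
    size_t len = expand(tmpl, src, nmatch, pm, maxlen, NULL);  /* pass 1: measure */
    char *out = (len == (size_t)-1) ? NULL : malloc(len + 1);
    if (out) expand(tmpl, src, nmatch, pm, maxlen, out);       /* pass 2: copy */
    return out;                        /* NULL: over the cap or out of memory */
}

int main(void)
{
    regex_t re; regmatch_t pm[3]; char *r;
    if (regcomp(&re, "(a+)(b+)", REG_EXTENDED) || regexec(&re, "aaabb", 3, pm, 0))
        return 1;                      /* "aaabb" is constructed sample input */
    r = bounded_sub("$2-$1", "aaabb", 3, pm, SUB_MAX_DEFAULT);
    puts(r ? r : "(over cap)");
    free(r); regfree(&re);
    return 0;
}
```

Because the length is computed before any allocation, a template that repeats a large captured group is rejected without the memory ever being reserved.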
