httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r1611522 - /httpd/httpd/branches/2.2.x/STATUS
Date Fri, 18 Jul 2014 08:47:52 GMT


covener@apache.org wrote:
> Author: covener
> Date: Fri Jul 18 01:00:08 2014
> New Revision: 1611522
> 
> URL: http://svn.apache.org/r1611522
> Log:
> 
> add patch/proposal for CVE-2013-5704 trailers thing
> 
> 
> Modified:
>     httpd/httpd/branches/2.2.x/STATUS
> 
> Modified: httpd/httpd/branches/2.2.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1611522&r1=1611521&r2=1611522&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/STATUS (original)
> +++ httpd/httpd/branches/2.2.x/STATUS Fri Jul 18 01:00:08 2014
> @@ -103,6 +103,19 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>    [ New proposals should be added at the end of the list ]
>  
> +
> +  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
> +     core: HTTP trailers could be used to replace HTTP headers
> +     late during request processing, potentially undoing or
> +     otherwise confusing modules that examined or modified
> +     request headers earlier.  Adds "MergeTrailers" directive to restore
> +     legacy behavior. 
> +     trunk patch: http://svn.apache.org/r1610814 
> +                  http://svn.apache.org/r1610686 (mod_log_config ^XX support) 
> +                  http://svn.apache.org/r1610707 (mod_log_cofnig ^XX support)
> +     2.2.x patch:  http://people.apache.org/~covener/patches/httpd-2.2.x-trailers.diff
> +     +1: covener
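
Review bot: the third "trunk patch" line misspells the module name as "mod_log_cofnig"; it should read mod_log_config, as on the line above it. r1610686 and r1610707 also carry the same description ("^XX support"), so the entry does not say what each revision contributes; a word or two distinguishing them would help anyone reviewing the backport.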


+                    if (!apr_is_empty_table(rp->trailers_in)) {
+                        apr_table_do(add_trailers, rp->trailers_out,
+                                rp->trailers_in, NULL);
+                        apr_table_clear(rp->trailers_in);
+                    }
+
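
Review bot: in the apr_table_do call, both the destination (rp->trailers_out) and the source (rp->trailers_in) hang off rp, and nothing in the block states which request the trailers are meant to end up on. A one-line comment above the if naming the intended destination, and why rp->trailers_in is cleared after the copy, would let a reader check the arguments against the intent.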

I guess that should be r->trailers_out instead of rp->trailers_out.


Regards

Rüdiger
