Index: modules/cache/cache_util.c
================================================================================
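--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.2.3
 
+ *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+ mod_cache: Prevent segmentation fault if a Cache-Control header has
+ no value [Niklas Edmundsson]
+
 *) SECURITY: CVE-2006-3747 (cve.mitre.org)
 mod_rewrite: Fix an off-by-one security problem in the ldap scheme
 handling. For some RewriteRules this could lead to a pointer being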
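--- a/modules/cache/cache_util.c
+++ b/modules/cache/cache_util.c
@@ -231,7 +231,8 @@
 age = ap_cache_current_age(info, age_c, r->request_time);
 
 /* extract s-maxage */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+ && val != NULL) {
 smaxage = apr_atoi64(val);
 }
 else {
@@ -240,7 +241,8 @@
 
 /* extract max-age from request */
 if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+ && val != NULL) {
 maxage_req = apr_atoi64(val);
 }
 else {
@@ -248,7 +250,8 @@
 }
 
 /* extract max-age from response */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+ && val != NULL) {
 maxage_cresp = apr_atoi64(val);
 }
 else {
@@ -270,7 +273,20 @@
 
 /* extract max-stale */
 if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
- maxstale = apr_atoi64(val);
+ if(val != NULL) {
+ maxstale = apr_atoi64(val);
+ }
+ else {
+ /*
+ * If no value is assigned to max-stale, then the client is willing
+ * to accept a stale response of any age (RFC2616 14.9.3). We will
+ * set it to one year in this case as this situation is somewhat
+ * similar to a "never expires" Expires header (RFC2616 14.21)
+ * which is set to a date one year from the time the response is
+ * sent in this case.
+ */
+ maxstale = APR_INT64_C(86400*365);
+ }
 }
 else {
 maxstale = 0;
@@ -278,7 +294,8 @@
 
 /* extract min-fresh */
 if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+ && val != NULL) {
 minfresh = apr_atoi64(val);
 }
 else {
@@ -407,6 +424,9 @@
 next - val_start);
 }
 }
+ else {
+ *val = NULL;
+ }
 }
 return 1;
 }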
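Review bot: The guarded branches in the `@@ -231`, `@@ -240`, `@@ -248`, `@@ -270` and `@@ -278` hunks still pass the header text straight to `apr_atoi64(val)`, so once `val` is non-NULL a non-numeric or negative value (constructed examples: `max-age=abc`, `max-stale=-1`) is converted with no error check. These strings come from request and response Cache-Control headers, so I would parse with `apr_strtoi64(val, &end, 10)` and treat `end == val`, trailing non-digits or a negative result the same way as the missing-value case. The new `val != NULL` tests also appear to hold only because the last hunk stores `*val = NULL` when the directive has no `=`; a short comment on ap_cache_liststr saying that `*val` is written on every match, and is NULL when the directive carries no value, would make that contract visible to callers not shown here. Both functions start outside the hunks, so how the parsed ages are used afterwards cannot be checked from this page.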