Kristyna Streitova
d3e2121d30
CVE-2015-0253 OBS-URL: https://build.opensuse.org/request/show/306357 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=444
25 lines
1.0 KiB
Diff
25 lines
1.0 KiB
Diff
SECURITY: CVE-2015-0253 (cve.mitre.org)
|
|
core: Fix a crash introduced in with ErrorDocument 400 pointing
|
|
to a local URL-path with the INCLUDES filter active, introduced
|
|
in 2.4.11. PR 57531. [Yann Ylavic]
|
|
--- httpd/httpd/trunk/server/protocol.c 2015/03/05 02:31:42 1664204
|
|
+++ httpd/httpd/trunk/server/protocol.c 2015/03/05 02:33:16 1664205
|
|
@@ -606,8 +606,6 @@
|
|
*/
|
|
if (APR_STATUS_IS_ENOSPC(rv)) {
|
|
r->status = HTTP_REQUEST_URI_TOO_LARGE;
|
|
- r->proto_num = HTTP_VERSION(1,0);
|
|
- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
|
|
}
|
|
else if (APR_STATUS_IS_TIMEUP(rv)) {
|
|
r->status = HTTP_REQUEST_TIME_OUT;
|
|
@@ -615,6 +613,8 @@
|
|
else if (APR_STATUS_IS_EINVAL(rv)) {
|
|
r->status = HTTP_BAD_REQUEST;
|
|
}
|
|
+ r->proto_num = HTTP_VERSION(1,0);
|
|
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
|
|
return 0;
|
|
}
|
|
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
|