]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 93b0078) | patch
SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.
authorWilliam A. Rowe Jr <wrowe@apache.org>
Thu, 6 Jul 2017 00:02:54 +0000 (00:02 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Thu, 6 Jul 2017 00:02:54 +0000 (00:02 +0000)
commit9a9867a40aacf54474786f7f4d6a0b2ba64cfec3
tree9639793c2d1e8d28635753770ae7f77bf44aab1etree | snapshot
parent93b00785aa859c81dc9676c772547e1ad9d97f0fcommit | diff
SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.

The value placeholder in [Proxy-]Authorization headers type 'Digest' was not
initialized or reset before or between successive key=value assignments by
mod_auth_digest.  Providing an initial key with no '=' assignment could reflect
the stale value of uninitialized pool memory used by the prior request, leading
to leakage of potentially confidential information, and a segfault.

Submitted by: wrowe
Backports: r1800919
Reviewed by: wrowe, jim, jchampion

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800955 13f79535-47bb-0310-9956-ffa450edef68
STATUS diff | blob | history
modules/aaa/mod_auth_digest.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.