granicus.if.org Git - apache/commit

author	Joe Orton <jorton@apache.org>
	Tue, 15 Jul 2014 12:27:00 +0000 (12:27 +0000)
committer	Joe Orton <jorton@apache.org>
	Tue, 15 Jul 2014 12:27:00 +0000 (12:27 +0000)
commit	bb2749fd6e18dd1682bd1da89b160ca4175c2ec1
tree	e9f6d384bc7ead06d7415786e78f2f4583397914	tree \| snapshot
parent	42bcf81be8dc9f51682e62bb71a6a98d4a511426	commit \| diff

SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.

Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.

* server/util.c (ap_parse_token_list_strict): New function.

* modules/proxy/proxy_util.c (find_conn_headers): Use it here.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.

Submitted by: Edward Lu, breser, covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68

include/ap_mmn.h		diff \| blob \| history
include/httpd.h		diff \| blob \| history
modules/proxy/mod_proxy_http.c		diff \| blob \| history
modules/proxy/proxy_util.c		diff \| blob \| history
server/util.c		diff \| blob \| history