]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a3f2b88) | patch
Merge r1640036, r1640331 from trunk:
authorJoe Orton <jorton@apache.org>
Tue, 25 Nov 2014 09:17:19 +0000 (09:17 +0000)
committerJoe Orton <jorton@apache.org>
Tue, 25 Nov 2014 09:17:19 +0000 (09:17 +0000)
commitf2d64096855789a51b02af4aaa8bbdfb1680bd28
tree97981cb3b6a7de49a06fd4efc94e683ddde0b6cbtree | snapshot
parenta3f2b888532ebb9e4ce64c91670739914cc3197ccommit | diff
Merge r1640036, r1640331 from trunk:

mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org)
Fix a potential crash with response headers' size above 8K.

The code changes to mod_authnz_fcgi keep the handle_headers()
function in sync between the two modules.  mod_authnz_fcgi
does not have this issue because it allocated a separate byte
for terminating '\0'.

Submitted by: ylavic, trawick
Reviewed by: ylavic, trawick, mrumph

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1641551 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
modules/aaa/mod_authnz_fcgi.c diff | blob | history
modules/proxy/mod_proxy_fcgi.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.