Content-Length header should always be interpreted as a decimal.

author Christophe Jaillet <jailletc36@apache.org>

Thu, 18 Sep 2014 21:01:40 +0000 (21:01 +0000)

committer Christophe Jaillet <jailletc36@apache.org>

Thu, 18 Sep 2014 21:01:40 +0000 (21:01 +0000)
author Christophe Jaillet <jailletc36@apache.org>
Thu, 18 Sep 2014 21:01:40 +0000 (21:01 +0000)
committer Christophe Jaillet <jailletc36@apache.org>
Thu, 18 Sep 2014 21:01:40 +0000 (21:01 +0000)
diff --git a/CHANGES b/CHANGES

index deed72ceef1c9111eb9ea37cd66b5a117ed0d171..40d1683ccabe2867e92b86639222ebea4b9ad8d2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) Content-Length header should be always interpreted as a decimal. Leading 0
+     could be erroneously considered as an octal value. PR 56598.
+     [Chris Card <ctcard hotmail com>]
+  
    *) SECURITY: CVE-2014-3581 (cve.mitre.org)
       mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
       [Mark Montague <mark catseye.org>, Jan Kaluza]
diff --git a/modules/apreq/filter.c b/modules/apreq/filter.c

index 09f24a2c5f941db55b6ecdfea143b0d95cc45741..d2d8996edac45718fff2fc708c0b6ef1d2d137ed 100644 (file)
--- a/modules/apreq/filter.c
+++ b/modules/apreq/filter.c
@@ -124,7 +124,7 @@ void apreq_filter_init_context(ap_filter_t *f)
  
      if (cl_header != NULL) {
          char *dummy;
-        apr_uint64_t content_length = apr_strtoi64(cl_header,&dummy,0);
+        apr_uint64_t content_length = apr_strtoi64(cl_header, &dummy, 10);
  
          if (dummy == NULL || *dummy != 0) {
              ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, r, APLOGNO(02045)
diff --git a/server/apreq_module_cgi.c b/server/apreq_module_cgi.c

index 1c8fbfa88cf4eb02073f34a75ac32a8c5abdf916..d3910f40e1ce18a3822041bdc396743694f2aa96 100644 (file)
--- a/server/apreq_module_cgi.c
+++ b/server/apreq_module_cgi.c
@@ -352,7 +352,7 @@ static void init_body(apreq_handle_t *handle)
  
      if (cl_header != NULL) {
          char *dummy;
-        apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 0);
+        apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 10);
  
          if (dummy == NULL || *dummy != 0) {
              req->body_status = APREQ_ERROR_BADHEADER;
author	Christophe Jaillet <jailletc36@apache.org>
	Thu, 18 Sep 2014 21:01:40 +0000 (21:01 +0000)
committer	Christophe Jaillet <jailletc36@apache.org>
	Thu, 18 Sep 2014 21:01:40 +0000 (21:01 +0000)
CHANGES		patch \| blob \| history
modules/apreq/filter.c		patch \| blob \| history
server/apreq_module_cgi.c		patch \| blob \| history