mod_proxy Connection handling crasher, CVE-2014-0117

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610737 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index ad40145784d36fca1815f4ed7936725491e3c416..597094f976aab51efb843f68a8c033af365936e3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,9 +2,12 @@
 
 Changes with Apache 2.4.10
 
-  *) SECURITY (CVE-2014-3523): Fix a memory consumption denial of
-     service in the WinNT MPM (used in all Windows installations).
-     Workaround: AcceptFilter <protocol> {none|connect}
+  *) SECURITY: CVE-2014-0117 (cve.mitre.org)
+     Fix crashing with mod_proxy Connection handling.
+
+  *) SECURITY: CVE-2014-3523 (cve.mitre.org)
+     Fix a memory consumption denial of service in the WinNT MPM (used in all Windows
+     installations). Workaround: AcceptFilter <protocol> {none|connect}
      [Jeff Trawick]
 
   *) SECURITY: CVE-2014-0226 (cve.mitre.org)

diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index d8ca5a74382db09d7233111207148d5d80cc32bb..bc840499c7ba111d1e874703b6dbd4081aee099a 100644 (file)
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -3132,7 +3132,7 @@ static int find_conn_headers(void *data, const char *key, const char *val)
     const char *name;
 
     do {
-        while (*val == ',') {
+        while (*val == ',' || *val == ';') {
             val++;
         }
         name = ap_get_token(x->pool, &val, 0);