From: Christophe Jaillet Date: Thu, 18 Sep 2014 21:01:40 +0000 (+0000) Subject: Content-Length header should always be interpreted as a decimal. X-Git-Tag: 2.5.0-alpha~3837 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=40cc356ac3374000715ebb316fb5d3ec9720d5a6;p=apache Content-Length header should always be interpreted as a decimal. Leading 0 could be erroneously considered as an octal value. PR 56598. [Chris Card ] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1626086 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index deed72ceef..40d1683cca 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) Content-Length header should be always interpreted as a decimal. Leading 0 + could be erroneously considered as an octal value. PR 56598. + [Chris Card ] + *) SECURITY: CVE-2014-3581 (cve.mitre.org) mod_cache: Avoid a crash when Content-Type has an empty value. PR56924. [Mark Montague , Jan Kaluza] diff --git a/modules/apreq/filter.c b/modules/apreq/filter.c index 09f24a2c5f..d2d8996eda 100644 --- a/modules/apreq/filter.c +++ b/modules/apreq/filter.c @@ -124,7 +124,7 @@ void apreq_filter_init_context(ap_filter_t *f) if (cl_header != NULL) { char *dummy; - apr_uint64_t content_length = apr_strtoi64(cl_header,&dummy,0); + apr_uint64_t content_length = apr_strtoi64(cl_header, &dummy, 10); if (dummy == NULL || *dummy != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, r, APLOGNO(02045) diff --git a/server/apreq_module_cgi.c b/server/apreq_module_cgi.c index 1c8fbfa88c..d3910f40e1 100644 --- a/server/apreq_module_cgi.c +++ b/server/apreq_module_cgi.c @@ -352,7 +352,7 @@ static void init_body(apreq_handle_t *handle) if (cl_header != NULL) { char *dummy; - apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 0); + apr_int64_t content_length = apr_strtoi64(cl_header, &dummy, 10); if (dummy == NULL || *dummy != 0) { req->body_status = APREQ_ERROR_BADHEADER;