From: Jim Jagielski Date: Tue, 15 Jul 2014 16:11:04 +0000 (+0000) Subject: mod_proxy Connection handling crasher, CVE-2014-0117 X-Git-Tag: 2.4.10~7 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb4cc03e7541c9c4fef3055597d3160a11c45ecd;p=apache mod_proxy Connection handling crasher, CVE-2014-0117 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610737 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index ad40145784..597094f976 100644 --- a/CHANGES +++ b/CHANGES @@ -2,9 +2,12 @@ Changes with Apache 2.4.10 - *) SECURITY (CVE-2014-3523): Fix a memory consumption denial of - service in the WinNT MPM (used in all Windows installations). - Workaround: AcceptFilter {none|connect} + *) SECURITY: CVE-2014-0117 (cve.mitre.org) + Fix crashing with mod_proxy Connection handling. + + *) SECURITY: CVE-2014-3523 (cve.mitre.org) + Fix a memory consumption denial of service in the WinNT MPM (used in all Windows + installations). Workaround: AcceptFilter {none|connect} [Jeff Trawick] *) SECURITY: CVE-2014-0226 (cve.mitre.org) diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index d8ca5a7438..bc840499c7 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -3132,7 +3132,7 @@ static int find_conn_headers(void *data, const char *key, const char *val) const char *name; do { - while (*val == ',') { + while (*val == ',' || *val == ';') { val++; } name = ap_get_token(x->pool, &val, 0);
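Review bot: The new CVE-2014-0117 entry at the top of the CHANGES hunk carries no bracketed contributor credit, while the CVE-2014-3523 entry directly below it keeps "[Jeff Trawick]", and "Fix crashing with mod_proxy Connection handling" does not say which input or configuration is affected. Suggest adding the credit in the same bracketed form and one clause on the triggering condition, so an administrator can judge exposure from CHANGES alone. The re-wrapped CVE-2014-3523 text also has a line ending "(used in all Windows" that runs longer than its neighbours; re-wrap it to the file's usual width.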
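Review bot: The widened condition `while (*val == ',' || *val == ';')` in find_conn_headers has no comment explaining why ';' must be consumed here, so a later cleanup could narrow it back to ',' without noticing that this is a security fix. Suggest a short comment above the loop stating that every separator on which `ap_get_token(x->pool, &val, 0)` can leave val must be skipped before the next call, if that is the reason for the change, plus a regression test for a Connection header value that contains ';'. The hunk does not show how an empty `name` is handled after the skip; worth confirming that path in the lines that follow.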