From: Graham Leggett Date: Sat, 14 Sep 2013 13:32:25 +0000 (+0000) Subject: SECURITY (CVE-2013-4352): Fix a NULL pointer deference which allowed X-Git-Tag: 2.5.0-alpha~5064 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e62246ac2b5eaab42df01b4ba96b80a89b66a966;p=apache SECURITY (CVE-2013-4352): Fix a NULL pointer deference which allowed untrusted origin servers to crash mod_cache in a forward proxy configuration. mod_cache: Avoid a crash with strcmp() when the hostname is not provided. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1523235 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f2de0f886a..026428b235 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided. + [Graham Leggett] + *) mod_lua: Add rudimentary support for WebSocket interaction. This is currently request-bound and only supports the WS protocol. [Daniel Gruno] diff --git a/modules/cache/cache_storage.c b/modules/cache/cache_storage.c index af60a39b84..782dc712fc 100644 --- a/modules/cache/cache_storage.c +++ b/modules/cache/cache_storage.c @@ -713,7 +713,9 @@ int cache_invalidate(cache_request_rec *cache, request_rec *r) || APR_SUCCESS != cache_canonicalise_key(r, r->pool, location, &location_uri, &location_key) - || strcmp(r->parsed_uri.hostname, location_uri.hostname)) { + || !(r->parsed_uri.hostname && location_uri.hostname + && !strcmp(r->parsed_uri.hostname, + location_uri.hostname))) { location_key = NULL; } } @@ -726,8 +728,9 @@ int cache_invalidate(cache_request_rec *cache, request_rec *r) || APR_SUCCESS != cache_canonicalise_key(r, r->pool, content_location, &content_location_uri, &content_location_key) - || strcmp(r->parsed_uri.hostname, - content_location_uri.hostname)) { + || !(r->parsed_uri.hostname && content_location_uri.hostname + && !strcmp(r->parsed_uri.hostname, + content_location_uri.hostname))) { content_location_key = NULL; } }