From bb4cc03e7541c9c4fef3055597d3160a11c45ecd Mon Sep 17 00:00:00 2001
From: Jim Jagielski
Date: Tue, 15 Jul 2014 16:11:04 +0000
Subject: [PATCH] mod_proxy Connection handling crasher, CVE-2014-0117

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610737 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 9 ++++++---
 modules/proxy/proxy_util.c | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index ad40145784..597094f976 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,9 +2,12 @@
 Changes with Apache 2.4.10
- *) SECURITY (CVE-2014-3523): Fix a memory consumption denial of
- service in the WinNT MPM (used in all Windows installations).
- Workaround: AcceptFilter {none|connect}
+ *) SECURITY: CVE-2014-0117 (cve.mitre.org)
+ Fix crashing with mod_proxy Connection handling.
+
+ *) SECURITY: CVE-2014-3523 (cve.mitre.org)
+ Fix a memory consumption denial of service in the WinNT MPM (used in all Windows
+ installations). Workaround: AcceptFilter {none|connect}
 [Jeff Trawick]
 *) SECURITY: CVE-2014-0226 (cve.mitre.org)
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index d8ca5a7438..bc840499c7 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -3132,7 +3132,7 @@ static int find_conn_headers(void *data, const char *key, const char *val)
 const char *name;
 do {
- while (*val == ',') {
+ while (*val == ',' || *val == ';') {
 val++;
 }
 name = ap_get_token(x->pool, &val, 0);
--
2.50.1
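Review bot: The skip loop `while (*val == ',' || *val == ';')` in find_conn_headers hard-codes its delimiter set with no comment tying it to ap_get_token(), which ends a token at both ',' and ';'. The two lists have to stay in step, so I would add a comment above the loop such as `/* skip every delimiter ap_get_token() stops on; otherwise it returns an empty token and val does not advance */`. The do-loop's exit condition and the rest of its body are outside this hunk, so whether every iteration is guaranteed to advance `val` cannot be confirmed from here. If it is not, a defensive check that `val` moved after the ap_get_token() call would make the loop robust against any future delimiter mismatch. A regression test with a Connection header value that contains ';' would also pin the fix.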