a0a564f0bc
- Fix the openssl from ports flag
- Bump PORTREVISION
- Also patch 2 more CVEs

*) SECURITY: CVE-2010-0434 (cve.mitre.org)
   Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Eliminates a problematic optimization in the case of no request body. PR 48359 [Jake Scott, William Rowe, Ruediger Pluem]

*) SECURITY: CVE-2008-2364 (cve.mitre.org)
   mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski]

PR: ports/146389 [1]
Submitted by: several [1]
With Hat: apache@
11 lines
474 B
Text
--- server/protocol.c 2010/03/11 15:55:59 921909
|
|
+++ server/protocol.c 2010/03/11 15:57:26 921910
|
|
@@ -1022,7 +1022,7 @@
|
|
|
|
rnew->status = HTTP_OK;
|
|
|
|
- rnew->headers_in = r->headers_in;
|
|
+ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
|
|
rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
|
|
rnew->headers_out = apr_table_make(rnew->pool, 5);
|
|
rnew->err_headers_out = apr_table_make(rnew->pool, 5);
|
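Review bot: The changed `rnew->headers_in` assignment carries no comment saying why the table is copied instead of shared, which makes it easy for a later cleanup to reintroduce the alias as an optimization. Suggest a short comment above the line stating that the subrequest gets its own shallow copy so that header changes made while handling the subrequest cannot corrupt the parent's `headers_in` (CVE-2010-0434), matching what the adjacent `subprocess_env` line already does. Because the copy is shallow and allocated from `rnew->pool`, the keys and values still point at the parent's strings, so the comment should also record that this relies on the parent request outliving the subrequest. Separately, this patch file only touches `server/protocol.c`, while the commit message also lists CVE-2008-2364 in mod_proxy_http; that change should be reviewed in its own patch file rather than assumed covered here.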