Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
apache2.8781
apache2-CVE-2016-8743-1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache2-CVE-2016-8743-1.patch of Package apache2.8781
https://bugzilla.suse.com/show_bug.cgi?id=1016715#c19 Index: httpd-2.4.23/modules/http/http_filters.c =================================================================== --- httpd-2.4.23.orig/modules/http/http_filters.c 2017-03-02 14:26:12.852522616 +0100 +++ httpd-2.4.23/modules/http/http_filters.c 2017-03-02 14:39:12.382245577 +0100 @@ -690,10 +690,11 @@ struct check_header_ctx { }; /* check a single header, to be used with apr_table_do() */ -static int check_header(void *arg, const char *name, const char *val) +static int check_header(struct check_header_ctx *ctx, + const char *name, const char **val) { - struct check_header_ctx *ctx = arg; - const char *test; + const char *pos, *end; + char *dst = NULL; if (name[0] == '\0') { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02428) @@ -702,12 +703,12 @@ static int check_header(void *arg, const } if (ctx->strict) { - test = ap_scan_http_token(name); + end = ap_scan_http_token(name); } else { - test = ap_scan_vchar_obstext(name); + end = ap_scan_vchar_obstext(name); } - if (*test) { + if (*end) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02429) "Response header name '%s' contains invalid " "characters, aborting request", @@ -715,23 +716,51 @@ static int check_header(void *arg, const return 0; } - if (ctx->strict) { - test = ap_scan_http_field_content(val); + for (pos = *val; *pos; pos = end) { + end = ap_scan_http_field_content(pos); + if (*end) { + if (end[0] != CR || end[1] != LF || (end[2] != ' ' && + end[2] != '\t')) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02430) + "Response header '%s' value of '%s' contains " + "invalid characters, aborting request", + name, pos); + return 0; + } + if (!dst) { + *val = dst = apr_palloc(ctx->r->pool, strlen(*val) + 1); + } + } + if (dst) { + memcpy(dst, pos, end - pos); + dst += end - pos; + if (*end) { + /* skip folding and replace with a single space */ + end += 3 + strspn(end + 3, "\t "); + *dst++ = ' '; + } + } } - else { - /* Simply terminate scanning on a CTL char, allowing whitespace */ - test = val; - do { - while (*test == ' ' || *test == '\t') test++; - test = ap_scan_vchar_obstext(test); - } while (*test == ' ' || *test == '\t'); - } - if (*test) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02430) - "Response header '%s' value of '%s' contains invalid " - "characters, aborting request", - name, val); - return 0; + if (dst) { + *dst = '\0'; + } + return 1; +} + +static int check_headers_table(apr_table_t *t, struct check_header_ctx *ctx) +{ + const apr_array_header_t *headers = apr_table_elts(t); + apr_table_entry_t *header; + int i; + + for (i = 0; i < headers->nelts; ++i) { + header = &APR_ARRAY_IDX(headers, i, apr_table_entry_t); + if (!header->key) { + continue; + } + if (!check_header(ctx, header->key, (const char **)&header->val)) { + return 0; + } } return 1; } @@ -748,8 +777,8 @@ static APR_INLINE int check_headers(requ ctx.r = r; ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); - if (!apr_table_do(check_header, &ctx, r->headers_out, NULL)) - return 0; /* problem has been logged by check_header() */ + return check_headers_table(r->headers_out, &ctx) && + check_headers_table(r->err_headers_out, &ctx); return 1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
