thank you! proposal updated

On Fri, Jul 18, 2014 at 4:47 AM, Ruediger Pluem <[email protected]> wrote:
>
>
> [email protected] wrote:
>> Author: covener
>> Date: Fri Jul 18 01:00:08 2014
>> New Revision: 1611522
>>
>> URL: http://svn.apache.org/r1611522
>> Log:
>>
>> add patch/proposal for CVE-2013-5704 trailers thing
>>
>>
>> Modified:
>> httpd/httpd/branches/2.2.x/STATUS
>>
>> Modified: httpd/httpd/branches/2.2.x/STATUS
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1611522&r1=1611521&r2=1611522&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.2.x/STATUS (original)
>> +++ httpd/httpd/branches/2.2.x/STATUS Fri Jul 18 01:00:08 2014
>> @@ -103,6 +103,19 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>> [ New proposals should be added at the end of the list ]
>>
>> +
>> + *) SECURITY: CVE-2013-5704 (cve.mitre.org)
>> + core: HTTP trailers could be used to replace HTTP headers
>> + late during request processing, potentially undoing or
>> + otherwise confusing modules that examined or modified
>> + request headers earlier. Adds "MergeTrailers" directive to restore
>> + legacy behavior.
>> + trunk patch: http://svn.apache.org/r1610814
>> + http://svn.apache.org/r1610686 (mod_log_config ^XX
>> support)
>> + http://svn.apache.org/r1610707 (mod_log_cofnig ^XX
>> support)
>> + 2.2.x patch:
>> http://people.apache.org/~covener/patches/httpd-2.2.x-trailers.diff
>> + +1: covener
>
>
> + if (!apr_is_empty_table(rp->trailers_in)) {
> + apr_table_do(add_trailers, rp->trailers_out,
> + rp->trailers_in, NULL);
> + apr_table_clear(rp->trailers_in);
> + }
> +
>
> I guess that should be r->trailers_out instead of rp->trailers_out.
>
>
> Regards
>
> Rüdiger

-- Eric Covener [email protected]
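
Review bot: in the added STATUS entry, the line for r1610707 spells the module "mod_log_cofnig"; it should read mod_log_config, matching the r1610686 line above it. Both revisions carry the same "^XX support" annotation, so a word on what each one contributes would help people voting on the backport. The entry also says only that MergeTrailers restores legacy behavior; stating what the default becomes once the directive exists would make the security change clear from STATUS alone.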
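
Review bot: in the apr_table_do call of the quoted 2.2.x fragment, the destination is rp->trailers_out while the source is rp->trailers_in, which is cleared on the next line, so the trailers only move between two tables of the same rp record. If the intent is to hand them to r, the second argument should be r->trailers_out, as the reply suggests. Because apr_table_clear(rp->trailers_in) runs immediately afterwards, it is also worth confirming that add_trailers copies each key and value into the destination table rather than keeping references to the source entries.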
