On Fri, Nov 14, 2014 at 7:37 PM, <[email protected]> wrote:
> Author: ylavic
> Date: Sat Nov 15 00:37:13 2014
> New Revision: 1639814
>
> URL: http://svn.apache.org/r1639814
> Log:
> mod_authnz_fcgi: follow up to r1639717.
> Let ap_scan_script_header*() validate the headers.
>
> Modified:
> httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
>
> Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c?rev=1639814&r1=1639813&r2=1639814&view=diff
>
> ==============================================================================
> --- httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c (original)
> +++ httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c Sat Nov 15 00:37:13
> 2014
> @@ -442,11 +442,8 @@ static int handle_headers(request_rec *r
> break;
> }
> }
> - else if (*itr == '\t' || !apr_iscntrl(*itr)) {
> - *state = HDR_STATE_READING_HEADERS;
> - }
> else {
> - return -1;
> + *state = HDR_STATE_READING_HEADERS;
> }
>
> if (*state == HDR_STATE_DONE_WITH_HEADERS)
>
>
>
I was looking at the diffs for 2.4 and noticed some vestigial code from the
first revision; please check the attached patch to see if you agree with
some additional removals.
Also, my understanding is that
* some of the code in your first revision of both modules catches potential
errors that should have been caught before, so that's an additional issue
that could be mentioned in CHANGES.
* the one CVE should apply to both modules, and the CHANGES entry can be
grouped together. (It could in fact be the same affected application,
which supports both authentication&|authorization and response generation,
using the two modules)
Agreed?
Thanks!
--
Born in Roswell... married an alien...
http://emptyhammock.com/
Index: modules/proxy/mod_proxy_fcgi.c
===================================================================
--- modules/proxy/mod_proxy_fcgi.c (revision 1639871)
+++ modules/proxy/mod_proxy_fcgi.c (working copy)
@@ -18,8 +18,6 @@
#include "util_fcgi.h"
#include "util_script.h"
-#include "apr_lib.h" /* for apr_iscntrl() */
-
module AP_MODULE_DECLARE_DATA proxy_fcgi_module;
/*
@@ -568,12 +566,6 @@
int st = handle_headers(r, &header_state, iobuf,
readbuflen);
- if (st == -1) {
- *err = "parsing response headers";
- rv = APR_EINVAL;
- break;
- }
-
if (st == 1) {
int status;
seen_end_of_headers = 1;
Index: modules/aaa/mod_authnz_fcgi.c
===================================================================
--- modules/aaa/mod_authnz_fcgi.c (revision 1639871)
+++ modules/aaa/mod_authnz_fcgi.c (working copy)
@@ -558,15 +558,6 @@
int st = handle_headers(r, &header_state, readbuf,
readbuflen);
- if (st == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- APLOGNO(02821) "%s: error reading "
- "headers from %s",
- fn, conf->backend);
- rv = APR_EINVAL;
- break;
- }
-
if (st == 1) {
int status;
