On 03/04/2015 08:18 PM, [email protected] wrote:
> Author: covener
> Date: Wed Mar 4 19:18:27 2015
> New Revision: 1664118
>
> URL: http://svn.apache.org/r1664118
> Log:
> Merge r1657261 from trunk:
>
> *) SECURITY: CVE-2015-0228 (cve.mitre.org)
> mod_lua: A maliciously crafted websockets PING after a script
> calls r:wsupgrade() can cause a child process crash.
> [Edward Lu <Chaosed0 gmail.com>]
>
> Discovered by Guido Vranken <guidovranken gmail.com>
>
> Submitted by: Edward Lu
> Committed by: covener
>
>
>
> Modified:
> httpd/httpd/branches/2.4.x/ (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
> httpd/httpd/branches/2.4.x/modules/lua/lua_request.c
>
> Modified: httpd/httpd/branches/2.4.x/modules/lua/lua_request.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/lua/lua_request.c?rev=1664118&r1=1664117&r2=1664118&view=diff > ============================================================================== > --- httpd/httpd/branches/2.4.x/modules/lua/lua_request.c (original) > +++ httpd/httpd/branches/2.4.x/modules/lua/lua_request.c Wed Mar 4 19:18:27 > 2015 > @@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State > { > apr_socket_t *sock; > apr_status_t rv; > + int do_read = 1; > int n = 0; > apr_size_t len = 1; > apr_size_t plen = 0; > @@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State > mask_bytes = apr_pcalloc(r->pool, 4); > sock = ap_get_conn_socket(r->connection); > > + while (do_read) { > + do_read = 0; > /* Get opcode and FIN bit */ > if (plaintext) { > rv = apr_socket_recv(sock, &byte, &len); > @@ -2379,10 +2382,11 @@ static int lua_websocket_read(lua_State > frame[0] = 0x8A; > frame[1] = 0; > apr_socket_send(sock, frame, &plen); /* Pong! */ > - lua_websocket_read(L); /* read the next frame instead */ > + do_read = 1; > } > } > } > + } > return 0; > } >

In order to stay in sync with trunk shouldn't we apply the needed whitespace changes as well? The applied patch was the one without whitespace changes to keep it more readable.

Regards

Rüdiger
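
Review bot: In the hunk at @@ -2246,6 +2247,8 @@, the new `while (do_read) {` opens after the declarations `int n = 0;`, `apr_size_t len = 1;` and `apr_size_t plen = 0;` shown in the first hunk, so those initialisers now run once per call rather than once per frame as they did while the PING case recursed into a fresh call. `len` is passed by address to `apr_socket_recv(sock, &byte, &len)`, which writes the received byte count back into it, and `plen` is passed the same way to `apr_socket_send`. Please confirm each of these is reassigned before it is used on a second pass, or reset them at the top of the loop next to `do_read = 0;`.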
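
Review bot: In the hunk at @@ -2379,10 +2382,11 @@, `do_read = 1;` is set unconditionally after `apr_socket_send(sock, frame, &plen); /* Pong! */`, whose return value is discarded, so the loop goes back to reading the next frame even when the pong could not be sent. Consider capturing the status in `rv` and setting `do_read` only on `APR_SUCCESS`. Since the loop body was merged without re-indentation, the added closing brace just before `return 0;` is also easy to misread as ending the function; a trailing `/* while (do_read) */` comment on it would help until the whitespace follow-up lands.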
