File httpd-2.2.x-CVE-2008-2364.patch of Package apache2

Overview Repositories Revisions Requests Users Attributes Meta

File httpd-2.2.x-CVE-2008-2364.patch of Package apache2

Taken from: http://svn.apache.org/viewvc?view=rev&revision=666154

--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c	2008/06/10 15:29:09	666153
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c	2008/06/10 15:30:00	666154
@@ -1312,6 +1312,16 @@
     return rv;
 }
 
+/*
+ * Limit the number of interim respones we sent back to the client. Otherwise
+ * we suffer from a memory build up. Besides there is NO sense in sending back
+ * an unlimited number of interim responses to the client. Thus if we cross
+ * this limit send back a 502 (Bad Gateway).
+ */
+#ifndef AP_MAX_INTERIM_RESPONSES
+#define AP_MAX_INTERIM_RESPONSES 10
+#endif
+
 static
 apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
                                             proxy_conn_rec *backend,
@@ -1326,8 +1336,8 @@
     apr_bucket *e;
     apr_bucket_brigade *bb, *tmp_bb;
     int len, backasswards;
-    int interim_response; /* non-zero whilst interim 1xx responses
-                           * are being read. */
+    int interim_response = 0; /* non-zero whilst interim 1xx responses
+                               * are being read. */
     int pread_len = 0;
     apr_table_t *save_table;
     int backend_broke = 0;
@@ -1577,7 +1587,12 @@
             backend->close += 1;
         }
 
-        interim_response = ap_is_HTTP_INFO(r->status);
+        if (ap_is_HTTP_INFO(r->status)) {
+            interim_response++;
+        }
+        else {
+            interim_response = 0;
+        }
         if (interim_response) {
             /* RFC2616 tells us to forward this.
              *
@@ -1778,7 +1793,15 @@
 
             apr_brigade_cleanup(bb);
         }
-    } while (interim_response);
+    } while (interim_response && (interim_response < AP_MAX_INTERIM_RESPONSES));
+
+    /* See define of AP_MAX_INTERIM_RESPONSES for why */
+    if (interim_response >= AP_MAX_INTERIM_RESPONSES) {
+        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+                             apr_psprintf(p, 
+                             "Too many (%d) interim responses from origin server",
+                             interim_response));
+    }
 
     /* If our connection with the client is to be aborted, return DONE. */
     if (c->aborted || backend_broke) {

Places

File httpd-2.2.x-CVE-2008-2364.patch of Package apache2

Places