1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
## 048_CVE-2007-1863.dpatch
4
## All lines beginning with `## DP:' are a description of the patch.
8
--- 2.2.x/modules/cache/cache_util.c 2006/10/12 23:11:33 463503
9
+++ 2.2.x/modules/cache/cache_util.c 2007/06/29 16:25:57 551944
11
age = ap_cache_current_age(info, age_c, r->request_time);
13
/* extract s-maxage */
14
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
15
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
17
smaxage = apr_atoi64(val);
22
/* extract max-age from request */
23
if (!conf->ignorecachecontrol
24
- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
25
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
27
maxage_req = apr_atoi64(val);
33
/* extract max-age from response */
34
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
35
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
37
maxage_cresp = apr_atoi64(val);
42
/* extract max-stale */
43
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
44
- maxstale = apr_atoi64(val);
46
+ maxstale = apr_atoi64(val);
50
+ * If no value is assigned to max-stale, then the client is willing
51
+ * to accept a stale response of any age (RFC2616 14.9.3). We will
52
+ * set it to one year in this case as this situation is somewhat
53
+ * similar to a "never expires" Expires header (RFC2616 14.21)
54
+ * which is set to a date one year from the time the response is
55
+ * sent in this case.
57
+ maxstale = APR_INT64_C(86400*365);
64
/* extract min-fresh */
65
if (!conf->ignorecachecontrol
66
- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
67
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
69
minfresh = apr_atoi64(val);
73
*val = apr_pstrmemdup(p, val_start,