~ubuntu-branches/debian/wheezy/apache2/wheezy


Viewing changes to server/protocol.c

  • Committer: Package Import Robot
  • Author(s): Stefan Fritsch, Stefan Fritsch, Arno Töll
  • Date: 2012-02-01 21:49:04 UTC
  • mfrom: (0.13.15)
  • Revision ID: package-import@ubuntu.com-20120201214904-nlchebp6wu7z55jw
Tags: 2.2.22-1
[ Stefan Fritsch ]
* New upstream release, urgency medium due to security fixes:
  - Fix CVE-2012-0021: mod_log_config: DoS with '%{cookiename}C' log format
  - Fix CVE-2012-0031: Unprivileged child process could cause the parent to
    crash at shutdown
  - Fix CVE-2012-0053: Exposure of "httpOnly" cookies in code 400 error
    message.
* Move httxt2dbm to apache2-utils
* Adjust debian/control to point to new git repository.

[ Arno Töll ]
* Fix "typo in /etc/apache2/apache2.conf" (Closes: #653801)

640
640
 
641
641
    ap_parse_uri(r, uri);
642
642
 
643
 
    /* RFC 2616:
644
 
     *   Request-URI    = "*" | absoluteURI | abs_path | authority
645
 
     *
646
 
     * authority is a special case for CONNECT.  If the request is not
647
 
     * using CONNECT, and the parsed URI does not have scheme, and
648
 
     * it does not begin with '/', and it is not '*', then, fail
649
 
     * and give a 400 response. */
650
 
    if (r->method_number != M_CONNECT 
651
 
        && !r->parsed_uri.scheme 
652
 
        && uri[0] != '/'
653
 
        && !(uri[0] == '*' && uri[1] == '\0')) {
654
 
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
655
 
                      "invalid request-URI %s", uri);
656
 
        r->args = NULL;
657
 
        r->hostname = NULL;
658
 
        r->status = HTTP_BAD_REQUEST;
659
 
        r->uri = apr_pstrdup(r->pool, uri);
660
 
    }
661
 
 
662
643
    if (ll[0]) {
663
644
        r->assbackwards = 0;
664
645
        pro = ll;
689
670
    return 1;
690
671
}
691
672
 
 
673
/* get the length of the field name for logging, but no more than 80 bytes */
 
674
#define LOG_NAME_MAX_LEN 80
 
675
static int field_name_len(const char *field)
 
676
{
 
677
    const char *end = ap_strchr_c(field, ':');
 
678
    if (end == NULL || end - field > LOG_NAME_MAX_LEN)
 
679
        return LOG_NAME_MAX_LEN;
 
680
    return end - field;
 
681
}
 
682
 
692
683
AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
693
684
{
694
685
    char *last_field = NULL;
728
719
                /* insure ap_escape_html will terminate correctly */
729
720
                field[len - 1] = '\0';
730
721
                apr_table_setn(r->notes, "error-notes",
731
 
                               apr_pstrcat(r->pool,
 
722
                               apr_psprintf(r->pool,
732
723
                                           "Size of a request header field "
733
724
                                           "exceeds server limit.<br />\n"
734
 
                                           "<pre>\n",
735
 
                                           ap_escape_html(r->pool, field),
736
 
                                           "</pre>\n", NULL));
 
725
                                           "<pre>\n%.*s\n</pre>/n",
 
726
                                           field_name_len(field), 
 
727
                                           ap_escape_html(r->pool, field)));
 
728
                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 
 
729
                              "Request header exceeds LimitRequestFieldSize: "
 
730
                              "%.*s", field_name_len(field), field);
737
731
            }
738
732
            return;
739
733
        }
754
748
                     * overflow (last_field) as the field with the problem
755
749
                     */
756
750
                    apr_table_setn(r->notes, "error-notes",
757
 
                                   apr_pstrcat(r->pool,
 
751
                                   apr_psprintf(r->pool,
758
752
                                               "Size of a request header field "
759
753
                                               "after folding "
760
754
                                               "exceeds server limit.<br />\n"
761
 
                                               "<pre>\n",
762
 
                                               ap_escape_html(r->pool, last_field),
763
 
                                               "</pre>\n", NULL));
 
755
                                               "<pre>\n%.*s\n</pre>\n",
 
756
                                               field_name_len(last_field),
 
757
                                               ap_escape_html(r->pool, last_field)));
 
758
                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
 
759
                                  "Request header exceeds LimitRequestFieldSize "
 
760
                                  "after folding: %.*s",
 
761
                                  field_name_len(last_field), last_field);
764
762
                    return;
765
763
                }
766
764
 
792
790
                if (!(value = strchr(last_field, ':'))) { /* Find ':' or    */
793
791
                    r->status = HTTP_BAD_REQUEST;      /* abort bad request */
794
792
                    apr_table_setn(r->notes, "error-notes",
795
 
                                   apr_pstrcat(r->pool,
 
793
                                   apr_psprintf(r->pool,
796
794
                                               "Request header field is "
797
795
                                               "missing ':' separator.<br />\n"
798
 
                                               "<pre>\n",
 
796
                                               "<pre>\n%.*s</pre>\n",
 
797
                                               (int)LOG_NAME_MAX_LEN,
799
798
                                               ap_escape_html(r->pool,
800
 
                                                              last_field),
801
 
                                               "</pre>\n", NULL));
 
799
                                                              last_field)));
 
800
                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
 
801
                                  "Request header field is missing ':' "
 
802
                                  "separator: %.*s", (int)LOG_NAME_MAX_LEN,
 
803
                                  last_field);
 
804
 
802
805
                    return;
803
806
                }
804
807
 
1681
1684
        return;
1682
1685
    }
1683
1686
    if (!ap_is_HTTP_INFO(r->status)) {
1684
 
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, NULL,
 
1687
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
1685
1688
                      "Status is %d - not sending interim response", r->status);
1686
1689
        return;
1687
1690
    }
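Review bot: In the new error-notes calls of ap_get_mime_headers_core, the `%.*s` precision is computed on the raw header (field_name_len() or LOG_NAME_MAX_LEN) but truncates the output of ap_escape_html(), so the cut can land in the middle of an entity such as `&lt;`, and a name with escapable characters is shown shorter than intended. The truncated text is still a prefix of the escaped name, so the header value stays out of the 400 page; this is about well-formed output, not a leak. Escaping only the name avoids it, e.g. `ap_escape_html(r->pool, apr_pstrndup(r->pool, field, field_name_len(field)))` with a plain `%s`. Separately, the first format string ends in `</pre>/n`, which emits a literal "/n"; it should match the folded-header branch, `"<pre>\n%.*s\n</pre>\n"`. The function body continues outside the visible hunks.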