www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2026-01-06 09:01:14 +03:00
Code Activity
Files
bb2749fd6e18dd1682bd1da89b160ca4175c2ec1
apache/include
History
Joe Orton bb2749fd6e SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse 
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.

Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.

* server/util.c (ap_parse_token_list_strict): New function.

* modules/proxy/proxy_util.c (find_conn_headers): Use it here.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
  Send a 400 for a malformed Connection header.

Submitted by: Edward Lu, breser, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
2014-07-15 12:27:00 +00:00
..
.indent.pro
Apache 1.3.9 baseline for the Apache 2.0 repository.
1999-08-24 05:50:50 +00:00
ap_compat.h
update license header text
2006-07-11 20:33:53 +00:00
ap_config_layout.h.in
update license header text
2006-07-11 20:55:32 +00:00
ap_config.h
add attribute nonnull to a few functions
2012-11-18 19:31:39 +00:00
ap_expr.h
fix comment
2013-04-27 08:37:36 +00:00
ap_hooks.h
More cleanup: Expand tabs and some more indentation fixes
2011-09-23 18:08:42 +00:00
ap_listen.h
Optimize w/ duplicated listeners and use of SO_REUSEPORT
2014-06-03 13:07:29 +00:00
ap_mmn.h
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
2014-07-15 12:27:00 +00:00
ap_mpm.h
Revert r1601943, r1602058, r1605307 (socket callback returning pollfds)
2014-06-27 04:17:30 +00:00
ap_provider.h
Add new ap_list_provider_groups() API for mod_info
2011-12-30 10:55:00 +00:00
ap_regex.h
Doxygen fix + alignment + typo
2014-05-29 06:20:36 +00:00
ap_regkey.h
Cleanup effort in prep for GA push:
2011-09-23 13:38:09 +00:00
ap_release.h
Oops, missed one. s/2013/2014/
2014-01-02 18:04:26 +00:00
ap_slotmem.h
Error detection and a quick validity check when restoring...
2013-11-08 19:38:20 +00:00
ap_socache.h
Fix spelling.
2012-02-10 22:45:48 +00:00
apache_noprobes.h
More cleanup: Expand tabs and some more indentation fixes
2011-09-23 18:08:42 +00:00
apreq_cookie.h
As discussed at AC NA 2011
2011-11-13 00:20:32 +00:00
apreq_error.h
Added apreq to NetWare build.
2011-11-14 21:39:19 +00:00
apreq_module.h
As discussed at AC NA 2011
2011-11-13 00:20:32 +00:00
apreq_param.h
As discussed at AC NA 2011
2011-11-13 00:20:32 +00:00
apreq_parser.h
Added apreq to NetWare build.
2011-11-14 21:39:19 +00:00
apreq_util.h
Added apreq to NetWare build.
2011-11-14 21:39:19 +00:00
apreq.h
Added apreq to NetWare build.
2011-11-14 21:39:19 +00:00
heartbeat.h
Doxygen fix + reorg to match how other header files are built
2014-05-26 20:09:09 +00:00
http_config.h
doxygen improvements
2014-01-22 19:15:14 +00:00
http_connection.h
mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
2014-06-07 22:57:08 +00:00
http_core.h
Add in the concept of "slave" connections...
2014-02-07 13:54:38 +00:00
http_log.h
We really need some place where we can place a whole
2014-06-03 15:22:37 +00:00
http_main.h
Fold on Jeff's DefaultRuntimeDir impl... docs on the way
2012-03-07 12:31:58 +00:00
http_protocol.h
Correct typo in comments for ap_map_http_request_error().
2013-10-07 16:10:07 +00:00
http_request.h
Mention how "satisfy any" affects AAA hooks run after access_checker
2013-08-27 20:46:16 +00:00
http_vhost.h
More cleanup: Expand tabs and some more indentation fixes
2011-09-23 18:08:42 +00:00
httpd.h
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
2014-07-15 12:27:00 +00:00
mod_auth.h
Restore support for the AUTH_HANDLED return code in AUTHN providers,
2013-07-03 12:13:50 +00:00
mod_core.h
Move *_DECLARE_* macros to beginning of line in headers.
2012-08-20 10:09:42 +00:00
mod_request.h
Expose "new" ap_parse_form_data() function instead of requiring
2011-02-18 18:40:31 +00:00
mpm_common.h
Revert r1601943, r1602058, r1605307 (socket callback returning pollfds)
2014-06-27 04:17:30 +00:00
scoreboard.h
SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
2014-07-14 19:26:00 +00:00
util_cfgtree.h
Cleanup effort in prep for GA push:
2011-09-23 13:38:09 +00:00
util_charset.h
Cleanup effort in prep for GA push:
2011-09-23 13:38:09 +00:00
util_cookies.h
Rename ap_func_attr_* macros to AP_FN_ATTR_*
2012-01-09 13:06:18 +00:00
util_ebcdic.h
update license header text
2006-07-11 20:33:53 +00:00
util_fcgi.h
Add util_fcgi.h and associated definitions and support
2013-08-13 12:16:39 +00:00
util_filter.h
Useful extensions...
2013-03-19 19:09:40 +00:00
util_ldap.h
make LDAPConnectionPoolTTL more conservative, use r->request_time rather than
2014-07-05 00:06:15 +00:00
util_md5.h
More cleanup: Expand tabs and some more indentation fixes
2011-09-23 18:08:42 +00:00
util_mutex.h
Add -D DUMP_RUN_CFG option to dump some configuration items
2011-10-09 18:35:23 +00:00
util_script.h
Rename ap_func_attr_* macros to AP_FN_ATTR_*
2012-01-09 13:06:18 +00:00
util_time.h
Break out common code to be share-able
2014-06-03 16:02:44 +00:00
util_varbuf.h
fix Doxygen warnings/comments
2013-08-13 12:36:27 +00:00
util_xml.h
Use correct Doxygen keywords for functions and variables. TODO: figure out whether those keywords are actually necessary. HTML-ify some documentation comments for benefit of Doxygen.
2007-07-03 23:02:32 +00:00