author | Henning Brauer <henning@cvs.openbsd.org> | 2004-06-10 16:55:03 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-06-10 16:55:03 +0000 |
commit | 3be0d0939b61a78206efe3b66bf68bb48345fb8c (patch) | |
tree | 2119380571df0d82eda6a7bb136f4c16b13cb6f3 /usr.sbin/httpd | |
parent | 84fa956e0b27924f08ce205eabd84dbefae553a4 (diff) |
SECURITY: CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative)
Content-Length. [Mark Cox]
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r-- | usr.sbin/httpd/src/modules/proxy/proxy_http.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
index e82576d139a..428985691fd 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
@@ -561,6 +561,13 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
 content_length = ap_table_get(resp_hdrs, "Content-Length");
 if (content_length != NULL) {
 c->len = ap_strtol(content_length, NULL, 10);
+
+ if (c->len < 0) {
+ ap_kill_timeout(r);
+ return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
+ "Invalid Content-Length from remote server",
+ NULL));
+ }
 }
 }
|
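Review bot: The added guard after `ap_strtol(content_length, NULL, 10)` rejects only a negative result, so a Content-Length that is non-numeric, carries trailing garbage or is out of range still reaches `c->len` (presumably as 0, a numeric prefix or a clamped limit, if ap_strtol behaves like strtol). Passing an end pointer and checking errno would close that gap: `errno = 0; c->len = ap_strtol(content_length, &end, 10);` followed by `if (errno == ERANGE || end == content_length || *end != '\0' || c->len < 0)`; whether header values are already trimmed of trailing whitespace should be confirmed before making the `*end` test that strict. If `c->len` is narrower than long, the assignment could also truncate before the sign test, which needs checking against the cache_req declaration that is not visible here. ap_proxy_http_handler starts and ends outside the hunk, so how `c->len` is used afterwards could not be reviewed.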