From 3be0d0939b61a78206efe3b66bf68bb48345fb8c Mon Sep 17 00:00:00 2001 From: Henning Brauer Date: Thu, 10 Jun 2004 16:55:03 +0000 Subject: SECURITY: CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox] --- usr.sbin/httpd/src/modules/proxy/proxy_http.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'usr.sbin') diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c index e82576d139a..428985691fd 100644 --- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c +++ b/usr.sbin/httpd/src/modules/proxy/proxy_http.c @@ -561,6 +561,13 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, content_length = ap_table_get(resp_hdrs, "Content-Length"); if (content_length != NULL) { c->len = ap_strtol(content_length, NULL, 10); + + if (c->len < 0) { + ap_kill_timeout(r); + return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, + "Invalid Content-Length from remote server", + NULL)); + } } } -- cgit v1.2.3