authortron <tron>2004-09-24 06:04:00 +0000
committertron <tron>2004-09-24 06:04:00 +0000
commitfb3b3c7d962975bad37a628c883224a3fbdb6ac2 (patch)
tree2f982458ccafe1bfaf350e466dc705c1d8a10772 /www/apache/patches
parent848cc224dabb8057778c7a88c4b3ccc5e389a077 (diff)
Apply fix for security vulnerability in proxy module reported in
CAN-2004-0492. Bump package revision because of this.
Diffstat (limited to 'www/apache/patches')
-rw-r--r--www/apache/patches/patch-ap18
1 files changed, 18 insertions, 0 deletions
diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap
new file mode 100644
index 00000000000..02a1090d33e
--- /dev/null
+++ b/www/apache/patches/patch-ap
@@ -0,0 +1,18 @@
+$NetBSD: patch-ap,v 1.5 2004/09/24 06:04:00 tron Exp $
+
+--- src/modules/proxy/proxy_http.c.orig 29 Mar 2004 17:47:15 -0000 1.106
++++ src/modules/proxy/proxy_http.c 11 Jun 2004 07:54:38 -0000 1.107
+@@ -485,6 +485,13 @@
+ content_length = ap_table_get(resp_hdrs, "Content-Length");
+ if (content_length != NULL) {
+ c->len = ap_strtol(content_length, NULL, 10);
++
++ if (c->len < 0) {
++ ap_kill_timeout(r);
++ return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
++ "Invalid Content-Length from remote server",
++ NULL));
++ }
+ }
+
+ }
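Review bot: The added guard rejects only a negative `c->len`, while the `ap_strtol(content_length, NULL, 10)` call directly above it discards the end pointer, so a Content-Length that is non-numeric or has trailing junk still passes (it would parse as 0 or as its leading digits). If ap_strtol follows strtol semantics, an out-of-range value is also clamped rather than refused. Consider parsing with `c->len = ap_strtol(content_length, &end, 10);` and widening the test to `if (end == content_length || *end != '\0' || errno == ERANGE || c->len < 0) {`, with `errno` cleared before the call. The new block also has no comment saying why it exists; something like `/* CAN-2004-0492: refuse a negative Content-Length from the remote server */` would help the next maintainer. The enclosing function begins and ends outside this hunk, so how `c->len` is consumed afterwards cannot be checked from here.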