summaryrefslogtreecommitdiff
path: root/www/apache22/patches/patch-ap
blob: c112356348c9eefe8e6bb1fc1a7884ec1f9b3a49 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
$NetBSD: patch-ap,v 1.1 2007/06/28 01:20:52 lkundrak Exp $

Fix for CVE-2007-1863 remote crash when mod_cache enabled.

--- modules/cache/cache_util.c.orig	2007-06-28 02:03:05.000000000 +0200
+++ modules/cache/cache_util.c
@@ -243,7 +243,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
     age = ap_cache_current_age(info, age_c, r->request_time);
 
     /* extract s-maxage */
-    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+        && val != NULL) {
         smaxage = apr_atoi64(val);
     }
     else {
@@ -252,7 +253,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
 
     /* extract max-age from request */
     if (!conf->ignorecachecontrol
-        && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+        && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+        && val != NULL) {
         maxage_req = apr_atoi64(val);
     }
     else {
@@ -260,7 +262,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
     }
 
     /* extract max-age from response */
-    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+        && val != NULL) {
         maxage_cresp = apr_atoi64(val);
     }
     else {
@@ -282,7 +285,20 @@ CACHE_DECLARE(int) ap_cache_check_freshn
 
     /* extract max-stale */
     if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
-        maxstale = apr_atoi64(val);
+        if(val != NULL) {
+            maxstale = apr_atoi64(val);
+        }
+        else {
+            /*
+             * If no value is assigned to max-stale, then the client is willing
+             * to accept a stale response of any age (RFC2616 14.9.3). We will
+             * set it to one year in this case as this situation is somewhat
+             * similar to a "never expires" Expires header (RFC2616 14.21)
+             * which is set to a date one year from the time the response is
+             * sent in this case.
+             */
+            maxstale = APR_INT64_C(86400*365);
+        }
     }
     else {
         maxstale = 0;
@@ -290,7 +306,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
 
     /* extract min-fresh */
     if (!conf->ignorecachecontrol
-        && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+        && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+        && val != NULL) {
         minfresh = apr_atoi64(val);
     }
     else {
@@ -419,6 +436,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_
                                                   next - val_start);
                         }
                     }
+                    else {
+                        *val = NULL;
+                    }
                 }
                 return 1;
             }