CHANGES · 6388e86801e7fae9e6aed8b5aff916f56003267e · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd · GitLab

Security fix for CVE-2009-1890: · 4685944e

Joe Orton authored Jul 02, 2009

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Submitted by: niq, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@790587 13f79535-47bb-0310-9956-ffa450edef68

4685944e

To find the state of this project's repository at the time of any of these versions, check out the tags.