STATUS +0 −6 @@ -51,12 +51,6 @@ Release: RELEASE SHOWSTOPPERS: *) http_protocol: Fix escaping of Expect error message http://svn.apache.org/viewcvs?rev=394965&view=rev http://people.redhat.com/mjc/20060411-expect-apache13.patch +1: mjc, trawick, wrowe PROPOSED PATCHES FOR THIS RELEASE: *) mod_rewrite on Win32: change the mutex mechanism for RewriteLog
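Review bot: removing this showstopper entry drops the only record of the vote (+1: mjc, trawick, wrowe) and of where the fix came from (r394965 and the 20060411-expect-apache13.patch URL); consider carrying the svn revision into the src/CHANGES entry or the commit message so the backport can still be traced once the STATUS line is gone.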
src/CHANGES +5 −0 Changes with Apache 1.3.35 *) HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti <thiango nstalker.com>. [Mark Cox] *) SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to
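Review bot: the new entry explains why the fix is not classed as security but never says where the unescaped output was, so a reader cannot connect it to the http_protocol.c change; suggest naming the error page, e.g. "HTML-escape the Expect header value echoed in the 417 error response generated by ap_send_error_response."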
src/main/http_protocol.c +1 −1 @@ -3137,7 +3137,7 @@ API_EXPORT(void) ap_send_error_response(request_rec *r, int recursive_error) ap_rvputs(r, "The expectation given in the Expect request-header" "\nfield could not be met by this server.<P>\n" "The client sent<PRE>\n Expect: ", ap_table_get(r->headers_in, "Expect"), "\n</PRE>\n" ap_escape_html(r->pool, ap_table_get(r->headers_in, "Expect")), "\n</PRE>\n" "but we only allow the 100-continue expectation.\n", NULL); break;
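Review bot: ap_escape_html(r->pool, ap_table_get(r->headers_in, "Expect")) is evaluated unconditionally, and ap_table_get returns NULL when the request carries no Expect header. Before this change a NULL there only terminated the ap_rvputs argument list early; if ap_escape_html does not accept a NULL string, the same request now dereferences it. Because any handler can return the 417 status without the header having been sent, guard the lookup, e.g. `const char *expect = ap_table_get(r->headers_in, "Expect");` and then `expect ? ap_escape_html(r->pool, expect) : ""`. Escaping the value is otherwise the right fix for text emitted inside <PRE>.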