Commit bf2d0d37 authored Jan 05, 2017 by Eric Covener

Merge r1542549 from 2.4.x:

Potential rejection of valid MaxMemFree and ThreadStackSize directives

trunk patch: https://svn.apache.org/r1542338

Submitted by: Mike Rumph <mike.rumph oracle.com>
Reviewed by: trawick, covener, sf

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777401 13f79535-47bb-0310-9956-ffa450edef68

parent 0594d57e

CHANGES

+3 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,9 @@ Changes with Apache 2.2.32
		*) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
		[Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

		*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
		directives. [Mike Rumph <mike.rumph oracle.com>]

		*) core: Limit to ten the number of tolerated empty lines between request.
		[Yann Ylavic]

server/mpm_common.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1133,6 +1133,7 @@ const char ap_mpm_set_max_mem_free(cmd_parms cmd, void *dummy,
		return err;
		}

		errno = 0;
		value = strtol(arg, NULL, 0);
		if (value < 0 \|\| errno == ERANGE)
		return apr_pstrcat(cmd->pool, "Invalid MaxMemFree value: ",
		@@ -1157,6 +1158,7 @@ const char ap_mpm_set_thread_stacksize(cmd_parms cmd, void *dummy,
		return err;
		}

		errno = 0;
		value = strtol(arg, NULL, 0);
		if (value < 0 \|\| errno == ERANGE)
		return apr_pstrcat(cmd->pool, "Invalid ThreadStackSize value: ",