Commits · 5f41d9752d9ce7498e73dca2bbca0ea33fa3332a · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Dec 13, 2016

Jim Jagielski authored Dec 13, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774009 13f79535-47bb-0310-9956-ffa450edef68

5f41d975

Merge r1773293, r1773761, r1773779, r1773812, r1773861, r1773862, r1773865 from trunk: · 00b51ea7

Jim Jagielski authored Dec 13, 2016

change error handling for bad resp headers

 - avoid looping between ap_die and the http filter
 - remove the header that failed the check
 - keep calling apr_table_do until our fn stops matching


This is still not great. We get the original body, a 500 status
code and status line.

(r1773285 + fix for first return from check_headers)




Follow up to r1773293.
When check_headers() fails, clear anything (headers and body) from original/errorneous
response before returning 500.


Follow up to r1773761: don't check_headers() more than once.

Follow up to r1773761: don't recurse on internal redirects.

Follow up to r1773761: don't recurse on ap_send_error_response() either.

Follow up to r1773761: we need to check both ap_send_error_response() and internal redirect recursions.

Follow up to r1773761: improved recursion detection.
Submitted by: covener, ylavic, ylavic, ylavic, ylavic, ylavic, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773995 13f79535-47bb-0310-9956-ffa450edef68

00b51ea7

tested and voted · 574b6520

Jim Jagielski authored Dec 13, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773993 13f79535-47bb-0310-9956-ffa450edef68

574b6520

vote · 2aaee324

Stefan Eissing authored Dec 13, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773937 13f79535-47bb-0310-9956-ffa450edef68

2aaee324

Dec 12, 2016

Provide all-in-one patch to ease review. · 2c9d8453

Yann Ylavic authored Dec 12, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773883 13f79535-47bb-0310-9956-ffa450edef68

2c9d8453

This is looking solid · 9275cf7f

William A. Rowe Jr authored Dec 12, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773877 13f79535-47bb-0310-9956-ffa450edef68

9275cf7f

Duplicate. · e30dc8ae

Yann Ylavic authored Dec 12, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773871 13f79535-47bb-0310-9956-ffa450edef68

e30dc8ae

Propose. · 9a7432a8

Yann Ylavic authored Dec 12, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773869 13f79535-47bb-0310-9956-ffa450edef68

9a7432a8

some context · 67d98c20

Jim Jagielski authored Dec 12, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773811 13f79535-47bb-0310-9956-ffa450edef68

67d98c20

· fe8bbe2c

Eric Covener authored Dec 12, 2016

drop proposal

surafe two showstoppers discussed elsewhere in STATUS



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773810 13f79535-47bb-0310-9956-ffa450edef68

fe8bbe2c

Merge r1773162 from trunk: · ee1b2e9f

Jim Jagielski authored Dec 12, 2016

After eliminating unusual whitespace in Unsafe mode (e.g. \f \v), we are left
with the same behavior in both of these cases. Simplify. Noted by rpluem.

Submitted by: wrowe
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773803 13f79535-47bb-0310-9956-ffa450edef68

ee1b2e9f

Merge r1773159 from trunk: · d8d25958

Jim Jagielski authored Dec 12, 2016

Partial port of proposed r1773158 for httpd-2.x only; this change causes all
illegible protocol args to be rejected, irrespective of the strict toggle as
we expect this to occur with a garbage raw SP embedded in the request URI.

Simplifies the code using the protocol 0.9 sentinal to set up an http/1.0
error response.

String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol
member.

Submitted by: rpluem, wrowe


Submitted by: wrowe
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773802 13f79535-47bb-0310-9956-ffa450edef68

d8d25958

Merge r1773346 from trunk: · ea03819a

Jim Jagielski authored Dec 12, 2016

Drop C-L header and message-body from HTTP 204 responses.

The C-L header can be set in a fcgi/cgi backend or in other
filters like ap_content_length_filter (with the value of 0),
meanwhile the message-body can be returned incorrectly
by any backend. The idea is to remove unnecessary bytes
from a HTTP 204 response.

PR 51350

Submitted by: elukey
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773801 13f79535-47bb-0310-9956-ffa450edef68

ea03819a

Merge r1773397 from trunk: · 17a901d8

Jim Jagielski authored Dec 12, 2016

ProxyPass ! doesn't block per-directory ProxyPass

 *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
     configured in <Location>, like in 2.2. PR 60458.
     [Eric Covener]


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773800 13f79535-47bb-0310-9956-ffa450edef68

17a901d8

Vote, promote, note. · 517670b1

Yann Ylavic authored Dec 12, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773765 13f79535-47bb-0310-9956-ffa450edef68

517670b1

One doesn't seem like the right fix, another appears to be. · 25ca1186

William A. Rowe Jr authored Dec 12, 2016



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773740 13f79535-47bb-0310-9956-ffa450edef68

25ca1186

Dec 10, 2016

Propose + vote · 5cbdb423

Luca Toscano authored Dec 10, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773515 13f79535-47bb-0310-9956-ffa450edef68

5cbdb423

Dec 09, 2016

votes · 2fa6b713

Jim Jagielski authored Dec 09, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773403 13f79535-47bb-0310-9956-ffa450edef68

2fa6b713

propose · c80b177d

Eric Covener authored Dec 09, 2016



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773402 13f79535-47bb-0310-9956-ffa450edef68

c80b177d

propose PR60458 · 6b485c38

Eric Covener authored Dec 09, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773398 13f79535-47bb-0310-9956-ffa450edef68

6b485c38

Dec 08, 2016

80 col · 24191bb8

William A. Rowe Jr authored Dec 08, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773282 13f79535-47bb-0310-9956-ffa450edef68

24191bb8

update transformation · 172d0dfd

André Malo authored Dec 08, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773254 13f79535-47bb-0310-9956-ffa450edef68

172d0dfd

votes · 10c23eac

Jim Jagielski authored Dec 08, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773252 13f79535-47bb-0310-9956-ffa450edef68

10c23eac

xforms · 5fa28e55

Jim Jagielski authored Dec 08, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773251 13f79535-47bb-0310-9956-ffa450edef68

5fa28e55

cgi "most common" · fe231135

Rich Bowen authored Dec 08, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773247 13f79535-47bb-0310-9956-ffa450edef68

fe231135

Dec 07, 2016

Two issues noted by rpluem · 3dc8380e

William A. Rowe Jr authored Dec 07, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773164 13f79535-47bb-0310-9956-ffa450edef68

3dc8380e

Meant to commit this to the merge branch for consideration; reverting r1773158 · b71c6619
William A. Rowe Jr authored Dec 07, 2016
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773160 13f79535-47bb-0310-9956-ffa450edef68
```
b71c6619

As noted by rpluem, r->protocol isn't const char *. Ensure the exit cases · 1269dd93

William A. Rowe Jr authored Dec 07, 2016

are pstrdup'ed. Note that r->protocol = "" is not in a return path.

Simplify the garbage-in protocol handling without consideration to 'strict'
settings. It is expected to be caused by an invalid raw SP in the URL.

Backports: r1773159 (with pstrdup enhancement)
Submitted by: rpluem, wrowe

Reverted in r1773160 (for further STATUS review)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773158 13f79535-47bb-0310-9956-ffa450edef68

1269dd93

Merge r1772919 from trunk: · db5fcaac

Jim Jagielski authored Dec 07, 2016

mod_auth_digest: fix segfaults during shared memory exhaustion

The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
check for a malloc failure, leading to crashes when we ran out of the
limited space provided by AuthDigestShmemSize. This patch replaces all
these calls with a helper function that performs this check.

Additionally, fix a NULL-check bug during entry garbage collection.
Submitted by: jchampion
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773069 13f79535-47bb-0310-9956-ffa450edef68

db5fcaac

Dec 06, 2016

· 4ba157f5

Eric Covener authored Dec 06, 2016

vote/promote


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772946 13f79535-47bb-0310-9956-ffa450edef68

4ba157f5

vote · e3e4839c

Jim Jagielski authored Dec 06, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772931 13f79535-47bb-0310-9956-ffa450edef68

e3e4839c

Propose · 254102e9

Jacob Champion authored Dec 06, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772926 13f79535-47bb-0310-9956-ffa450edef68

254102e9

Merge r1772812, r1772813 from trunk: · f8805fb5

Jim Jagielski authored Dec 06, 2016

mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
to prevent deciphering or tampering with a padding oracle attack.



mod_session_crypto: follow up to r1772812: CHANGES entry.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772925 13f79535-47bb-0310-9956-ffa450edef68

f8805fb5

promote · 2d6a915e

Jim Jagielski authored Dec 06, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772924 13f79535-47bb-0310-9956-ffa450edef68

2d6a915e

vote · 4d404ae2

Jim Jagielski authored Dec 06, 2016


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772923 13f79535-47bb-0310-9956-ffa450edef68

4d404ae2

Merge r1772489, r1772504 from trunk: · 57b1dba7

Jim Jagielski authored Dec 06, 2016

The default value of 'inherit' should be AP_LUA_INHERIT_UNSET.
With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive

If not explicitelly initialized, its value is 0 because of the 'apr_calloc 'in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE'

PR 60419

Missing CHNAGES for r1772489
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772922 13f79535-47bb-0310-9956-ffa450edef68

57b1dba7

format CVE entries · e0da07a4

Eric Covener authored Dec 06, 2016



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772895 13f79535-47bb-0310-9956-ffa450edef68

e0da07a4

· f4255f4a

Eric Covener authored Dec 06, 2016

siphash


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772818 13f79535-47bb-0310-9956-ffa450edef68

f4255f4a

Vote, promote. · 1dff6486

Yann Ylavic authored Dec 06, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772817 13f79535-47bb-0310-9956-ffa450edef68

1dff6486

Dec 05, 2016

Propose mod_session_crypto fix for CVE-2016-0736. · c9a2aab2

Yann Ylavic authored Dec 05, 2016

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772814 13f79535-47bb-0310-9956-ffa450edef68

c9a2aab2