Skip to content
GitLab
  1. 12 May, 2009 2 commits
    • Eric Covener's avatar
      backport 772997, 773322, 773342 from trunk. · bd3a7c90
      Eric Covener authored 
      Reviewed By: jorton, rpluem, covener

Security fix for CVE-2009-1195: fix Options handling such that
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:

* include/http_core.h: Change semantics of Includes/IncludeNoExec
 options bits to be additive; OPT_INCLUDES now means SSI is enabled
 without exec=.  OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
 with exec=.

* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
 from default override_opts; no functional change.
 (merge_core_dir_configs): Update logic to ensure that exec= is
 disabled in a context where IncludesNoexec is configured, even if
 Includes-with-exec is permitted in the inherited options set.
 (set_allow_opts, set_options): Update to reflect new semantics
 of OPT_INCLUDES, OPT_INC_WITH_EXEC.

* server/config.c: Update to remove OPT_INCNOEXEC from default
 override_opts; no functional change.

* modules/filters/mod_include.c (includes_filter): Update to reflect
 new options semantics - disable exec= support if the
 OPT_INC_WITH_EXEC bit is not set.

Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
         jorton
Thanks to: Vincent Danon <vdanon redhat.com>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773881 13f79535-47bb-0310-9956-ffa450edef68
      bd3a7c90
    • Eric Covener's avatar
      vote & promote CVE-2009-1195 · 444b2b97
      Eric Covener authored 
      
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773880 13f79535-47bb-0310-9956-ffa450edef68
      444b2b97
  3. 10 May, 2009 5 commits
  5. 08 May, 2009 2 commits
  7. 06 May, 2009 2 commits
  9. 05 May, 2009 1 commit
  11. 04 May, 2009 7 commits
  13. 03 May, 2009 1 commit
  15. 30 Apr, 2009 1 commit
  17. 27 Apr, 2009 1 commit
  19. 25 Apr, 2009 6 commits
  21. 23 Apr, 2009 1 commit
  23. 22 Apr, 2009 1 commit
  25. 20 Apr, 2009 3 commits
  27. 19 Apr, 2009 2 commits
  29. 18 Apr, 2009 2 commits
  31. 17 Apr, 2009 3 commits
    • Jim Jagielski's avatar
      Merge r757741 from trunk: · f0928daf
      Jim Jagielski authored 
      * Fix a memory leak by freeing the memory consumed by the bucket.

PR: 44948
Submitted by: Dan Poirier <poirier pobox.com>
Reviewed by: rpluem

Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766002 13f79535-47bb-0310-9956-ffa450edef68
      f0928daf
    • Jim Jagielski's avatar
      Merge r755190 from trunk: · 5cfcf8c9
      Jim Jagielski authored 
      * APR_BUCKET_NEXT is wrong here as we are already a doing a APR_BUCKET_NEXT in
  the for loop and this causes us to jump *two* buckets forward. This can cause
  us to jump over the Sentinel of the brigade and thus causes an endless loop.


Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766001 13f79535-47bb-0310-9956-ffa450edef68
      5cfcf8c9
    • Jim Jagielski's avatar
      Merge r756671, r756675, r756678, r756683 from trunk: · 83d5298a
      Jim Jagielski authored 
      Creation of external gzip process fails, if we
try to set the working directory to r->filename.
Use ap_make_dirstr_parent() instead, like in all
other similar places.


Creating the external gzip process fails, because we
call execve() with "gzip" without full path.
Let's look for it in the PATH instead and drop the
passing of the environment. There seems to be no
reason why gzip should need the httpd environment.


Set the content encoding for compressed content
even if we can't detect the content type of the
uncompressed content.


When trying to detect the content type of the
uncompressed content it is often not enough
to read the same number of bytes, we already
read compressed. Since uncompress() allocates a
new buffer, we can increase the number of bytes
to read to the same size, we use in the case,
where the content isn't compressed.

Furthermore zero-terminate the read data to keep
assumptions consistent with the uncompressed case.

Submitted by: rjung
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@765999 13f79535-47bb-0310-9956-ffa450edef68
      83d5298a