HTTPProtocol Options Apache 2.2

Hi Yann/Eric,

We have ported the changes for CVE-2016-8743 into Apache 2.2 on HP-UX.
But while testing we find that HTTPProtocolOption Unsafe, tested with GET /HTTP 1.0/\n\n, responds with BAD Request when it is supposed to succeed.

However, after making the changes mentioned in
https://bz.apache.org/bugzilla/show_bug.cgi?id=60704, the Unsafe option responds with a success.

Is the below change valid for 2.2?

in 2.2.32:
static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
{
    core_server_config *base = (core_server_config *)basev;
    core_server_config *virt = (core_server_config *)virtv;
    core_server_config *conf;

    conf = (core_server_config *)apr_pmemdup(p, base, sizeof(core_server_config));

in 2.4.25:
static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
{
    core_server_config *base = (core_server_config *)basev;
    core_server_config *virt = (core_server_config *)virtv;
    core_server_config *conf = (core_server_config *)
                               apr_pmemdup(p, base, sizeof(core_server_config));

Please advise.

Thanks
Rashmi
