authorhenning <henning@openbsd.org>2004-06-10 16:55:02 +0000
committerhenning <henning@openbsd.org>2004-06-10 16:55:02 +0000
commitf7cd0d605158bbbffc68e1556b79c4150fc787a9 (patch)
tree35a082c9f28a6eb88cdd4fced19c2a2fef64963b
parentFix a logic error in sglist creation. (diff)
SECURITY: CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox]
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_http.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
index e82576d139a..428985691fd 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
@@ -561,6 +561,13 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
content_length = ap_table_get(resp_hdrs, "Content-Length");
if (content_length != NULL) {
c->len = ap_strtol(content_length, NULL, 10);
+
+ if (c->len < 0) {
+ ap_kill_timeout(r);
+ return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
+ "Invalid Content-Length from remote server",
+ NULL));
+ }
}
}
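Review bot: The added `c->len < 0` test rejects only negative values, because `ap_strtol` is called with a NULL end pointer on the line above it. A Content-Length that is not a number, or that has trailing junk, is still accepted, and if `ap_strtol` follows `strtol` semantics an over-range value is clamped and cannot be told apart from a legitimate length. I would parse with an end pointer and reject all of these in the same branch: `char *end; errno = 0; c->len = ap_strtol(content_length, &end, 10);` followed by `if (end == content_length || *end != '\0' || errno == ERANGE || c->len < 0) {`. Wrapping a single literal in `ap_pstrcat(r->pool, ..., NULL)` also looks unnecessary if `ap_proxyerror` takes a plain string. The body of `ap_proxy_http_handler` starts and ends outside this hunk, so whether `<errno.h>` is already included and how `c->len` is used afterwards cannot be confirmed from here.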