diff options
author | Joe Orton <jorton@apache.org> | 2007-07-16 13:25:11 +0000 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2007-07-16 13:25:11 +0000 |
commit | 5cf38df49207f099940df6b2413d17f0ba7c0aad (patch) | |
tree | 7effe78ab7e345f2f7dffbee0894506851948527 /modules | |
parent | e6e890f3f438a262ceac4600a32e481085131eb9 (diff) | |
download | httpd-5cf38df49207f099940df6b2413d17f0ba7c0aad.tar.gz |
Merge r535617 from trunk (fixing CVE-2007-1863):
* Prevent a segmentation fault if one of the Cache-Control headers
s-maxage, max-age, min-fresh, max-stale has no value assigned.
In this case ignore s-maxage, max-age, min-fresh. For max-stale
it is valid to set no value. In this case set max-stale to 1 year
to signal that the client is accepting a stale response of any age.
Submitted by: Niklas Edmundsson <nikke acc.umu.se>
Reviewed by: mjc, rpluem, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@556619 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/experimental/cache_util.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/modules/experimental/cache_util.c b/modules/experimental/cache_util.c index eaac9d533e..9782cb7b5e 100644 --- a/modules/experimental/cache_util.c +++ b/modules/experimental/cache_util.c @@ -186,7 +186,8 @@ CACHE_DECLARE(int) ap_cache_check_freshness(cache_handle_t *h, age = ap_cache_current_age(info, age_c, r->request_time); /* extract s-maxage */ - if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) { + if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val) + && val != NULL) { smaxage = apr_atoi64(val); } else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) { @@ -197,7 +198,8 @@ CACHE_DECLARE(int) ap_cache_check_freshness(cache_handle_t *h, } /* extract max-age from request */ - if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) { + if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val) + && val != NULL) { maxage_req = apr_atoi64(val); } else { @@ -205,7 +207,8 @@ CACHE_DECLARE(int) ap_cache_check_freshness(cache_handle_t *h, } /* extract max-age from response */ - if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) { + if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val) + && val != NULL) { maxage_cresp = apr_atoi64(val); } else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) { @@ -231,14 +234,28 @@ CACHE_DECLARE(int) ap_cache_check_freshness(cache_handle_t *h, /* extract max-stale */ if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) { - maxstale = apr_atoi64(val); + if(val != NULL) { + maxstale = apr_atoi64(val); + } + else { + /* + * If no value is assigned to max-stale, then the client is willing + * to accept a stale response of any age (RFC2616 14.9.3). We will + * set it to one year in this case as this situation is somewhat + * similar to a "never expires" Expires header (RFC2616 14.21) + * which is set to a date one year from the time the response is + * sent in this case. + */ + maxstale = APR_INT64_C(86400*365); + } } else { maxstale = 0; } /* extract min-fresh */ - if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) { + if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val) + && val != NULL) { minfresh = apr_atoi64(val); } else { @@ -384,6 +401,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_pool_t *p, const char *list, next - val_start); } } + else { + *val = NULL; + } } return 1; } |