aboutsummaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch
diff options
context:
space:
mode:
authorJoe Slater <jslater@windriver.com>2016-10-27 09:48:43 -0700
committerMartin Jansa <Martin.Jansa@gmail.com>2016-11-23 15:23:57 +0100
commit6d4ca6868bb6195f3c4cc785a1a8afc1af10f7e2 (patch)
tree81415c7e9960bcc5df1070c85bc8939d79be9a74 /meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch
parent87affdd40511d557cfe9ae21ad943c7e30937c89 (diff)
downloadmeta-openembedded-contrib-6d4ca6868bb6195f3c4cc785a1a8afc1af10f7e2.tar.gz
meta-openembedded-contrib-6d4ca6868bb6195f3c4cc785a1a8afc1af10f7e2.tar.bz2
meta-openembedded-contrib-6d4ca6868bb6195f3c4cc785a1a8afc1af10f7e2.zip
apache2: cve-2016-5387
Handle HTTP_PROXY envirnoment variable. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch')
-rw-r--r--meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch b/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch
new file mode 100644
index 0000000000..dbcdfc6df6
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch
@@ -0,0 +1,25 @@
+This patch has been copied from https://www.apache.org/security/asf-httpoxy-response.txt
+as a mitigation of CVE-2016-5387.
+
+Upstream-Status: Backport - fixed in 2.4.24
+
+Signed-off-by: Joe Slater<jslater@windriver.com>
+
+
+--- a/server/util_script.c (revision 1752426)
++++ b/server/util_script.c (working copy)
+@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
+ else if (!strcasecmp(hdrs[i].key, "Content-length")) {
+ apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
+ }
++ /* HTTP_PROXY collides with a popular envvar used to configure
++ * proxies, don't let clients set/override it. But, if you must...
++ */
++#ifndef SECURITY_HOLE_PASS_PROXY
++ else if (!strcasecmp(hdrs[i].key, "Proxy")) {
++ ;
++ }
++#endif
+ /*
+ * You really don't want to disable this check, since it leaves you
+ * wide open to CGIs stealing passwords and people viewing them