blob: 4eb6b85b1a73110d6f8159f4905bf3f696266b63 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 11 May 2015 15:48:58 +0000
Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
may be NULL during prefetch, don't try to dereference it! Still
origin->keepalive will be set according to p_conn->close by the caller
(proxy_http_handler).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68
Upstream-Status: Backport
CVE: CVE-2020-35504
Reference to upstream patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
Signed-off-by: Li Wang <li.wang@windriver.com>
---
modules/proxy/mod_proxy_http.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index ec1e042..5f507d5 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -570,7 +570,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
apr_off_t bytes;
int force10, rv;
apr_read_type_e block;
- conn_rec *origin = p_conn->connection;
if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
if (req->expecting_100) {
@@ -630,7 +629,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
"chunked body with Content-Length (C-L ignored)",
c->client_ip, c->remote_host ? c->remote_host: "");
req->old_cl_val = NULL;
- origin->keepalive = AP_CONN_CLOSE;
p_conn->close = 1;
}
--
2.7.4
|
