
Graham Leggett  committed f5e55ef

mod_proxy: Reject invalid values for Max-Forwards.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@148130213f79535-47bb-0310-9956-ffa450edef68

  • Parent commits 5da9feb
  • Branches trunk


Files changed (2)

File CHANGES

                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_proxy: Reject invalid values for Max-Forwards. [Graham Leggett,
+     Co-Advisor <coad measurement-factory.com>]
+
   *) mod_cache: If a 304 response indicates an entity not currently cached, then
      the cache MUST disregard the response and repeat the request without the
      conditional. [Graham Leggett, Co-Advisor <coad measurement-factory.com>]

File modules/proxy/mod_proxy.c

     int i, rc, access_status;
     int direct_connect = 0;
     const char *str;
-    long maxfwd;
+    apr_int64_t maxfwd;
     proxy_balancer *balancer = NULL;
     proxy_worker *worker = NULL;
     int attempts = 0, max_attempts = 0;
 
     /* handle max-forwards / OPTIONS / TRACE */
     if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
-        maxfwd = strtol(str, NULL, 10);
-        if (maxfwd < 1) {
+        char *end;
+        maxfwd = apr_strtoi64(str, &end, 10);
+        if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
+            return ap_proxyerror(r, HTTP_BAD_REQUEST,
+                    apr_psprintf(r->pool,
+                            "Max-Forwards value '%s' could not be parsed", str));
+        }
+        else if (maxfwd == 0) {
             switch (r->method_number) {
             case M_TRACE: {
                 int access_status;
                 return OK;
             }
             default: {
-                return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+                return ap_proxyerror(r, HTTP_BAD_REQUEST,
                                      "Max-Forwards has reached zero - proxy loop?");
             }
             }
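Review bot: An empty Max-Forwards value still gets past the new parse check at `if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end)`. With no digits to consume, apr_strtoi64 should behave like the strtol family and return 0 with `end == str`, so `*end` is NUL and the request is handled as Max-Forwards: 0 rather than rejected as unparseable. Adding the no-conversion case closes this: `if (end == str || maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {`. Separately, the new error string embeds the client-supplied header value through `apr_psprintf(..., "Max-Forwards value '%s' could not be parsed", str)`. ap_proxyerror is not visible here, so it is worth confirming that it escapes the message before it reaches the error page and the log. The enclosing handler starts and ends outside the lines shown.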