main/apache2: security fix for CVE-2016-5387

fixes #5925
author: Natanael Copa <ncopa@alpinelinux.org> 2016-07-20 13:05:13 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2016-07-20 13:05:48 +0000
commit: 23afbfbed72efa68c1ea62b837270f16535a1c33 (patch)
tree: a471199ea860c6f5fb7d6027d834643e955e00d0 /main/apache2/CVE-2016-5387.patch
parent: 685ffe83039b198cd8f173421c6be85aedcb07f6 (diff)
download: aports-23afbfbed72efa68c1ea62b837270f16535a1c33.tar.bz2
aports-23afbfbed72efa68c1ea62b837270f16535a1c33.tar.xz
1 files changed, 17 insertions, 0 deletions
diff --git a/main/apache2/CVE-2016-5387.patch b/main/apache2/CVE-2016-5387.patch
new file mode 100644
index 0000000000..494afef17c
--- /dev/null
+++ b/main/apache2/CVE-2016-5387.patch
@@ -0,0 +1,17 @@
+--- a/server/util_script.c	(revision 1752426)
++++ b/server/util_script.c	(working copy)
+@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
+         else if (!strcasecmp(hdrs[i].key, "Content-length")) {
+             apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
+         }
++        /* HTTP_PROXY collides with a popular envvar used to configure
++         * proxies, don't let clients set/override it.  But, if you must...
++         */
++#ifndef SECURITY_HOLE_PASS_PROXY
++        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
++            ;
++        }
++#endif
+         /*
+          * You really don't want to disable this check, since it leaves you
+          * wide open to CGIs stealing passwords and people viewing them
author	Natanael Copa <ncopa@alpinelinux.org>	2016-07-20 13:05:13 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2016-07-20 13:05:48 +0000
commit	23afbfbed72efa68c1ea62b837270f16535a1c33 (patch)
tree	a471199ea860c6f5fb7d6027d834643e955e00d0 /main/apache2/CVE-2016-5387.patch
parent	685ffe83039b198cd8f173421c6be85aedcb07f6 (diff)
download	aports-23afbfbed72efa68c1ea62b837270f16535a1c33.tar.bz2 aports-23afbfbed72efa68c1ea62b837270f16535a1c33.tar.xz