17 lines
814 B
Plaintext
17 lines
814 B
Plaintext
$OpenBSD: patch-modules_dav_main_util_c,v 1.1 2011/02/12 21:05:38 pea Exp $
|
|
|
|
Fix CVE-2010-1452
|
|
|
|
--- modules/dav/main/util.c.orig Sat Jan 5 10:45:07 2008
|
|
+++ modules/dav/main/util.c Tue Feb 8 11:56:28 2011
|
|
@@ -624,7 +624,8 @@ static dav_error * dav_process_if_header(request_rec *
|
|
|
|
/* 2518 specifies this must be an absolute URI; just take the
|
|
* relative part for later comparison against r->uri */
|
|
- if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS) {
|
|
+ if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS
|
|
+ || !parsed_uri.path) {
|
|
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
|
|
DAV_ERR_IF_TAGGED,
|
|
"Invalid URI in tagged If-header.");
|