Diffstat (limited to '2.2/patches/11_all_CVE-2007-1862.patch')
-rw-r--r--2.2/patches/11_all_CVE-2007-1862.patch51
1 files changed, 51 insertions, 0 deletions
diff --git a/2.2/patches/11_all_CVE-2007-1862.patch b/2.2/patches/11_all_CVE-2007-1862.patch
new file mode 100644
index 0000000..17e6cc5
--- /dev/null
+++ b/2.2/patches/11_all_CVE-2007-1862.patch
@@ -0,0 +1,51 @@
+--- httpd-2.2.4/modules/cache/mod_mem_cache.c.cve1862
++++ httpd-2.2.4/modules/cache/mod_mem_cache.c
+@@ -539,12 +539,28 @@
+ return OK;
+ }
+
++static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table)
++{
++ const apr_array_header_t *array = apr_table_elts(table);
++ apr_table_entry_t *elts = (apr_table_entry_t *) array->elts;
++ apr_table_t *copy = apr_table_make(p, array->nelts);
++ int i;
++
++ for (i = 0; i < array->nelts; i++) {
++ if (elts[i].key) {
++ apr_table_add(copy, elts[i].key, elts[i].val);
++ }
++ }
++
++ return copy;
++}
++
+ static apr_status_t recall_headers(cache_handle_t *h, request_rec *r)
+ {
+ mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj;
+
+- h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs);
+- h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out);
++ h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs);
++ h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out);
+
+ return OK;
+ }
+@@ -585,7 +601,7 @@
+ * - The original response headers (for returning with a cached response)
+ * - The body of the message
+ */
+- mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in);
++ mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in);
+
+ /* Precompute how much storage we need to hold the headers */
+ headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
+@@ -599,7 +615,7 @@
+ }
+
+ headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out);
+- mobj->header_out = apr_table_copy(mobj->pool, headers_out);
++ mobj->header_out = deep_table_copy(mobj->pool, headers_out);
+
+ /* Init the info struct */
+ obj->info.status = info->status;
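Review bot: deep_table_copy() is added without a comment saying why apr_table_copy() was not enough, and that reason is the whole security content of this patch. apr_table_copy() duplicates only the entry array, so the stored tables presumably kept pointing at key and value strings owned by a different pool, whereas apr_table_add() duplicates both strings into the destination table's pool. I would put `/* Unlike apr_table_copy(), duplicates every key and value into p so the copy never references strings owned by the source table's pool. */` above the function, so that the four call sites (recall_headers() and the two header-storing assignments) are not later switched back to apr_table_copy(). The function holding the last two inner hunks starts and ends outside the patch context, so the pool lifetimes there are inferred rather than visible.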