>From cd64a103da1dd740cded6e7814c99091c6cba0e6 Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek <[email protected]>
Date: Mon, 14 Apr 2014 00:53:48 +0200
Subject: [PATCH] Fail requests with Expect:continue on the local interface.
This might or might not fix CVE-2011-3596; difficult to say, since
nobody seems to want to tell me what said CVE is about.
---
local.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/local.c b/local.c
index 34f35c9..fff3c27 100644
--- a/local.c
+++ b/local.c
@@ -309,6 +309,12 @@ httpSpecialSideRequest(ObjectPtr object, int method, int
from, int to,
return 1;
}
+ if(requestor->flags & REQUEST_WAIT_CONTINUE) {
+ httpClientError(requestor, 417, internAtom("Expectation failed"));
+ requestor->connection->flags &= ~CONN_READER;
+ return 1;
+ }
+
return httpSpecialDoSide(requestor);
}
--
1.9.1
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Polipo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/polipo-users
