cgoncalves / rpms / mod_security

Forked from rpms/mod_security 4 years ago
Clone

Blame SOURCES/modsecurity-2.7.3-CVE-2013-5705.patch

7376a7
diff -up modsecurity-apache_2.7.3/apache2/modsecurity.c.CVE-2013-5705 modsecurity-apache_2.7.3/apache2/modsecurity.c
7376a7
--- modsecurity-apache_2.7.3/apache2/modsecurity.c.CVE-2013-5705	2014-04-03 11:39:46.451454455 +0200
7376a7
+++ modsecurity-apache_2.7.3/apache2/modsecurity.c	2014-04-03 11:40:47.176660100 +0200
7376a7
@@ -297,7 +297,7 @@ apr_status_t modsecurity_tx_init(modsec_
7376a7
     if (msr->request_content_length == -1) {
7376a7
         /* There's no C-L, but is chunked encoding used? */
7376a7
         char *transfer_encoding = (char *)apr_table_get(msr->request_headers, "Transfer-Encoding");
7376a7
-        if ((transfer_encoding != NULL)&&(strstr(transfer_encoding, "chunked") != NULL)) {
7376a7
+        if ((transfer_encoding != NULL)&&(m_strcasestr(transfer_encoding, "chunked") != NULL)) {
7376a7
             msr->reqbody_should_exist = 1;
7376a7
             msr->reqbody_chunked = 1;
7376a7
         }