mod_security-rpm/mod_security-2.7.6-fix_chunked_string_case_sensitive_issue-cve-2013-5705.patch

From f8d441cd25172fdfe5b613442fedfc0da3cc333d Mon Sep 17 00:00:00 2001
From: Breno Silva <breno.silva@gmail.com>
Date: Wed, 4 Sep 2013 08:57:07 -0300
Subject: [PATCH] Fix Chunked string case sensitive issue - CVE-2013-5705

---
 apache2/modsecurity.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index 6b77132..b36775d 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -297,7 +297,7 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
     if (msr->request_content_length == -1) {
         /* There's no C-L, but is chunked encoding used? */
         char *transfer_encoding = (char *)apr_table_get(msr->request_headers, "Transfer-Encoding");
-        if ((transfer_encoding != NULL)&&(strstr(transfer_encoding, "chunked") != NULL)) {
+        if ((transfer_encoding != NULL)&&(m_strcasestr(transfer_encoding, "chunked") != NULL)) {
             msr->reqbody_should_exist = 1;
             msr->reqbody_chunked = 1;
         }
-- 
1.9.1