Fwd: svn commit: r943980 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_ftp.c
Philip M. Gollucci
pgollucci at p6m7g8.com
Mon May 17 03:57:33 UTC 2010
-------- Original Message --------
Subject: svn commit: r943980 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_ftp.c
Date: Thu, 13 May 2010 19:18:50 -0000
From: trawick at apache.org
Reply-To: dev at httpd.apache.org
To: cvs at httpd.apache.org
Author: trawick
Date: Thu May 13 19:18:50 2010
New Revision: 943980
URL: http://svn.apache.org/viewvc?rev=943980&view=rev
Log:
merge r814045 from trunk (2.2.x rev 814847):
CVE-2009-3095: mod_proxy_ftp sanity check authn credentials.
Submitted by: Stefan Fritsch <sf fritsch.de>, Joe Orton
Reviewed by: pgollucci, poirier, rjung, trawick
Modified:
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=943980&r1=943979&r2=943980&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Thu May 13 19:18:50 2010
@@ -1,6 +1,10 @@
-*- coding:
utf-8 -*-
Changes with Apache 2.0.64
+ *) SECURITY: CVE-2009-3095 (cve.mitre.org)
+ mod_proxy_ftp: sanity check authn credentials.
+ [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
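Review bot: the new CHANGES entry describes the fix only as "sanity check authn credentials"; since the proxy_ftp.c change in this same commit rejects the request with HTTP_BAD_REQUEST, the entry would be more useful to administrators if it stated the visible effect, e.g. "mod_proxy_ftp: reject Basic credentials containing invalid characters with a 400 error." Placement directly above the CVE-2009-3094 entry in the 2.0.64 section matches the existing ordering.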
Modified: httpd/httpd/branches/2.0.x/STATUS
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=943980&r1=943979&r2=943980&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Thu May 13 19:18:50 2010
@@ -125,13 +125,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
http://people.apache.org/~fuankg/diffs/httpd-2.0.x-ap_vhost_iterate_given_conn.diff
+1: fuankg, wrowe, pgollucci
- * mod_proxy_ftp, CVE-2009-3095, sanity check authn credentials
- Patch in 2.2.x branch:
- http://svn.apache.org/viewvc?view=revision&revision=814847
- Backport:
- http://people.apache.org/~trawick/CVE-2009-3095-2.0.txt
- +1: pgollucci, poirier, rjung, trawick
-
* core output filter, CVE-2009-1891, consuming CPU after client
disconnects
Patch in 2.2.x branch:
http://svn.apache.org/viewvc?view=revision&revision=791454
Modified: httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c?rev=943980&r1=943979&r2=943980&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c (original)
+++ httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c Thu May 13
19:18:50 2010
@@ -890,6 +890,11 @@ int ap_proxy_ftp_handler(request_rec *r,
if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
&& strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
&& (password = ap_pbase64decode(r->pool, password))[0] != ':') {
+ /* Check the decoded string for special characters. */
+ if (!ftp_check_string(password)) {
+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
+ "user credentials contained invalid
character");
+ }
/*
* Note that this allocation has to be made from
r->connection->pool
* because it has the lifetime of the connection. The other
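Review bot: ftp_check_string() is called here, but its definition is not in the part of the diff that survives in this message (only the hunk at line 890 is shown, and the context is cut off after the pool comment); confirm that the backport also carries the function definition, because the branch will not link without it. The placement of the call is right: at this point `password` still holds the whole decoded `user:password` string (the preceding condition only tests that it does not start with ':'), so one check covers both the user name and the password, and it runs before the credential is copied into r->connection->pool, so a rejected value never outlives the request. Returning HTTP_BAD_REQUEST with a fixed message that does not echo the decoded value is the right choice; a 401 would only invite the client to resend the same malformed credential.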