Security fix - this is presumed to fix CVE-2009-3094 (the disclosed
information was limited so this has not been confirmed):
* modules/proxy/mod_proxy_ftp.c (parse_epsv_reply): New function.
(proxy_ftp_handler): Fix possible NULL pointer deference in
apr_socket_close(NULL) on error paths. Fix possible buffer overread
in EPSV response parser; use parse_epsv_reply instead. Thanks to
Jeff Trawick and Stefan Fritsch for analysis of this issue.
Submitted by: Stefan Fritsch <sf fritsch.de>, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814652
13f79535-47bb-0310-9956-
ffa450edef68
projects / apache / commit