Forward port security patch for CAN-2003-0254 from 2.0.

author Sander Striker <striker@apache.org>

Wed, 9 Jul 2003 12:19:01 +0000 (12:19 +0000)

committer Sander Striker <striker@apache.org>

Wed, 9 Jul 2003 12:19:01 +0000 (12:19 +0000)
author Sander Striker <striker@apache.org>
Wed, 9 Jul 2003 12:19:01 +0000 (12:19 +0000)
committer Sander Striker <striker@apache.org>
Wed, 9 Jul 2003 12:19:01 +0000 (12:19 +0000)
diff --git a/CHANGES b/CHANGES

index b7c4d8fe4fa8cc54ade54b8a6f5b1be5c86c5ff5..12fe33322e0b7f25440b5099bb3358735b7dbad0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -169,6 +169,11 @@ Changes with Apache 2.0.48
  
  Changes with Apache 2.0.47
  
+  *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
+     of service when target host is IPv6 but proxy server can't create
+     IPv6 socket.  Fixed by the reporter.  [Yoshioka Tsuneo
+     <tsuneo.yoshioka@f-secure.com>]
+
    *) SECURITY [VU#379828] Prevent the server from crashing when entering
       infinite loops. The new LimitInternalRecursion directive configures
       limits of subsequent internal redirects and nested subrequests, after
diff --git a/modules/proxy/proxy_ftp.c b/modules/proxy/proxy_ftp.c

index 279205884ef32b0ddf6a70f55ad89abeaf15efff..c38773cb6b6f6dae9a4265351c6996404e6fe116 100644 (file)
--- a/modules/proxy/proxy_ftp.c
+++ b/modules/proxy/proxy_ftp.c
@@ -957,6 +957,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
             if ((rv = apr_socket_create(&sock, connect_addr->family, SOCK_STREAM, r->pool)) != APR_SUCCESS) {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                               "proxy: FTP: error creating socket");
+                connect_addr = connect_addr->next;
                 continue;
             }
  
@@ -974,6 +975,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
  #ifndef _OSD_POSIX              /* BS2000 has this option "always on" */
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                               "proxy: FTP: error setting reuseaddr option: apr_socket_opt_set(APR_SO_REUSEADDR)");
+                connect_addr = connect_addr->next;
                 continue;
  #endif                          /* _OSD_POSIX */
             }
author	Sander Striker <striker@apache.org>
	Wed, 9 Jul 2003 12:19:01 +0000 (12:19 +0000)
committer	Sander Striker <striker@apache.org>
	Wed, 9 Jul 2003 12:19:01 +0000 (12:19 +0000)
CHANGES		patch \| blob \| history
modules/proxy/proxy_ftp.c		patch \| blob \| history