]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1541eb4)
Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to
authorRainer Jung <rjung@apache.org>
Thu, 10 Jun 2010 18:52:27 +0000 (18:52 +0000)
committerRainer Jung <rjung@apache.org>
Thu, 10 Jun 2010 18:52:27 +0000 (18:52 +0000)
be more safe on different platforms.

Note: This commit has an additional, platform-independent change to
mark the back-end connection for closing ("backend->close = 1;").
That code is not required to resolve CVE-2010-2068 on any platform.

PR: 49417
Addresses CVE-2010-2068

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@953418 13f79535-47bb-0310-9956-ffa450edef68

modules/proxy/mod_proxy_http.c patch | blob | history

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 84f3836601ca83ffb02f82f606a04c40a0bf2c78..44def30543e668d6a86a19c337c27ff87392c866 100644 (file)
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1403,7 +1403,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
             ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
                           "proxy: error reading status line from remote "
                           "server %s:%d", backend->hostname, backend->port);
-            if (rc == APR_TIMEUP) {
+            if (APR_STATUS_IS_TIMEUP(rc)) {
                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                               "proxy: read timeout");
             }
@@ -1419,7 +1419,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
              * we normally would handle timeouts
              */
             if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives &&
-                rc != APR_TIMEUP) {
+                !APR_STATUS_IS_TIMEUP(rc)) {
                 apr_bucket *eos;
 
                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
@@ -1451,6 +1451,8 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
                     APR_BUCKET_INSERT_BEFORE(eos, e);
                 }
                 ap_pass_brigade(r->output_filters, bb);
+                /* Mark the backend connection for closing */
+                backend->close = 1;
                 /* Need to return OK to avoid sending an error message */
                 return OK;
             }
Unnamed repository; edit this file 'description' to name the repository.