From: Takashi Sato <takashi@apache.org>
Date: Tue, 29 Dec 2009 16:25:31 +0000 (+0000)
Subject: tweak handling for default allowed ports
X-Git-Tag: 2.3.5~44
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=517aec9157d80094fedb1c824cdd08b26ffd11a8;p=apache

tweak handling for default allowed ports


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@894430 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/mod_proxy_connect.c b/modules/proxy/mod_proxy_connect.c
index 8fa2f756b2..48d1d5218d 100644
--- a/modules/proxy/mod_proxy_connect.c
+++ b/modules/proxy/mod_proxy_connect.c
@@ -95,6 +95,11 @@ static int allowed_port(connect_conf *conf, int port)
 {
     int i;
     int *list = (int *) conf->allowed_connect_ports->elts;
+    
+    if(apr_is_empty_array(conf->allowed_connect_ports)){
+        return port == APR_URI_HTTPS_DEFAULT_PORT
+               || port == APR_URI_SNEWS_DEFAULT_PORT;
+    }
 
     for(i = 0; i < conf->allowed_connect_ports->nelts; i++) {
     if(port == list[i])
@@ -251,17 +256,7 @@ static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
     }
 
     /* Check if it is an allowed port */
-    if (c_conf->allowed_connect_ports->nelts == 0) {
-    /* Default setting if not overridden by AllowCONNECT */
-        switch (uri.port) {
-            case APR_URI_HTTPS_DEFAULT_PORT:
-            case APR_URI_SNEWS_DEFAULT_PORT:
-                break;
-            default:
-                 return ap_proxyerror(r, HTTP_FORBIDDEN,
-                                      "Connect to remote machine blocked");
-        }
-    } else if(!allowed_port(c_conf, uri.port)) {
+    if(!allowed_port(c_conf, uri.port)) {
               return ap_proxyerror(r, HTTP_FORBIDDEN,
                                    "Connect to remote machine blocked");
     }