From: Rainer Jung Date: Thu, 10 Jun 2010 18:52:27 +0000 (+0000) Subject: Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to X-Git-Tag: 2.3.6~3 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dd92e8d0d36b4cc63f091a3a2aaf38903cdc043c;p=apache Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to be more safe on different platforms. Note: This commit has an additional, platform-independent change to mark the back-end connection for closing ("backend->close = 1;"). That code is not required to resolve CVE-2010-2068 on any platform. PR: 49417 Addresses CVE-2010-2068 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@953418 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 84f3836601..44def30543 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -1403,7 +1403,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r, "proxy: error reading status line from remote " "server %s:%d", backend->hostname, backend->port); - if (rc == APR_TIMEUP) { + if (APR_STATUS_IS_TIMEUP(rc)) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "proxy: read timeout"); } @@ -1419,7 +1419,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, * we normally would handle timeouts */ if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives && - rc != APR_TIMEUP) { + !APR_STATUS_IS_TIMEUP(rc)) { apr_bucket *eos; ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, @@ -1451,6 +1451,8 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, APR_BUCKET_INSERT_BEFORE(eos, e); } ap_pass_brigade(r->output_filters, bb); + /* Mark the backend connection for closing */ + backend->close = 1; /* Need to return OK to avoid sending an error message */ return OK; }