From 0f0480b2631ca6b827c386b6458ca1a860ab7f20 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Fri, 11 Sep 2009 21:49:50 +0000 Subject: [PATCH] Security fix - this is presumed to fix CVE-2009-3095 (the disclosed information was limited so this has not been confirmed): * modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler): Fail if the decoded Basic credentials contain "special" characters. Thanks to Stefan Fritsch for analysis of this issue. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814045 13f79535-47bb-0310-9956-ffa450edef68 --- modules/proxy/mod_proxy_ftp.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c index 582cdc9ecf..1caa604dcb 100644 --- a/modules/proxy/mod_proxy_ftp.c +++ b/modules/proxy/mod_proxy_ftp.c @@ -968,6 +968,11 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker, if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0 && (password = ap_pbase64decode(r->pool, password))[0] != ':') { + /* Check the decoded string for special characters. */ + if (!ftp_check_string(password)) { + return ap_proxyerror(r, HTTP_BAD_REQUEST, + "user credentials contained invalid character"); + } /* * Note that this allocation has to be made from r->connection->pool * because it has the lifetime of the connection. The other -- 2.40.0