From 1e73116ec53f07d44e01ae3c8c180fc4caca660d Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Tue, 24 Jul 2012 12:54:38 +0000
Subject: [PATCH] * modules/proxy/proxy_util.c (ap_proxy_checkproxyblock): Fix
 memory   leak/thread-unsafe use of pconf.

Submitted by: rpluem, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1365020 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                    |  3 +++
 modules/proxy/proxy_util.c | 18 ++++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index b0aba5078e..ba7bcb1c6a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_proxy: Fix memory leak or possible corruption in ProxyBlock
+     implementation.  [Ruediger Pluem, Joe Orton]
+
   *) mod_proxy: Check hostname from request URI against ProxyBlock list,
      not forward proxy, if ProxyRemote* is configured.  [Joe Orton]
 
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 1a28ed8aa6..6bf39e9b9c 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -759,6 +759,8 @@ static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
     return host != NULL && ap_strstr_c(host, This->name) != NULL;
 }
 
+#define MAX_IP_STR_LEN (46)
+
 PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
                                             const char *hostname, apr_sockaddr_t *addr)
 {
@@ -788,19 +790,19 @@ PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *c
 
         while (conf_addr) {
             apr_sockaddr_t *uri_addr = addr;
+            char caddr[MAX_IP_STR_LEN], uaddr[MAX_IP_STR_LEN];
+
+            apr_sockaddr_ip_getbuf(caddr, sizeof caddr, conf_addr);
 
             while (uri_addr) {
-                char *conf_ip;
-                char *uri_ip;
-                apr_sockaddr_ip_get(&conf_ip, conf_addr);
-                apr_sockaddr_ip_get(&uri_ip, uri_addr);
+                apr_sockaddr_ip_getbuf(uaddr, sizeof uaddr, uri_addr);
                 ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
-                              "ProxyBlock comparing %s and %s", conf_ip,
-                              uri_ip);
-                if (!apr_strnatcasecmp(conf_ip, uri_ip)) {
+                              "ProxyBlock comparing %s and %s", caddr,
+                              uaddr);
+                if (!strcmp(caddr, uaddr)) {
                     ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(00917)
                                   "connect to remote machine %s blocked: "
-                                  "IP %s matched", hostname, conf_ip);
+                                  "IP %s matched", hostname, caddr);
                     return HTTP_FORBIDDEN;
                 }
                 uri_addr = uri_addr->next;
-- 
2.50.0