From aa563a6faf0c2cb8a6c5823feed7e321be26d801 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Thu, 22 Mar 2001 10:03:29 +0000 Subject: [PATCH] Fix a major security problem with double-reverse lookup checking. Previously, a client connecting over IPv4 would not be matched properly when the server had an IPv6 listening socket. PR: 7407 Submitted by: Taketo Kabe Reviewed by: Jeff Trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88561 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ server/core.c | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/CHANGES b/CHANGES index b2e3df77f4..b2f3846a75 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ Changes with Apache 2.0.15-dev + *) Fix a major security problem with double-reverse lookup checking. + Previously, a client connecting over IPv4 would not be matched + properly when the server had an IPv6 listening socket. PR #7407 + [Taketo Kabe ] + *) Change the way the beos MPM handles polling to allow it to stop and restart. Problem was the sockets being polled were being reset by the select call, so once it had accepted a connection it was no diff --git a/server/core.c b/server/core.c index f015af4f8d..c1251a31bb 100644 --- a/server/core.c +++ b/server/core.c @@ -600,6 +600,18 @@ static APR_INLINE void do_double_reverse (conn_rec *conn) conn->double_reverse = 1; return; } +#if APR_HAVE_IPV6 + /* match IPv4-mapped IPv6 addresses with IPv4 A record */ + if (conn->remote_addr->sa.sin.sin_family == APR_INET6 && + sa->sa.sin.sin_family == APR_INET && + IN6_IS_ADDR_V4MAPPED((struct in6_addr *)conn->remote_addr->ipaddr_ptr) && + !memcmp(&((struct in6_addr *)conn->remote_addr->ipaddr_ptr)->s6_addr[12], + sa->ipaddr_ptr, + sizeof (((struct in_addr *)0)->s_addr))) { + conn->double_reverse = 1; + return; + } +#endif sa = sa->next; } } -- 2.40.0