httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Thu, 22 Mar 2001 10:03:29 GMT
trawick     01/03/22 02:03:29

  Modified:    server   core.c
               .        CHANGES
  Log:
  Fix a major security problem with double-reverse lookup checking.
  Previously, a client connecting over IPv4 would not be matched
  properly when the server had an IPv6 listening socket.
  
  PR:	      7407
  Submitted by: Taketo Kabe <kiabe@sra-tohoku.co.jp>
  Reviewed by:  Jeff Trawick
  
  Revision  Changes    Path
  1.4       +12 -0     httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- core.c	2001/03/18 02:33:22	1.3
  +++ core.c	2001/03/22 10:03:28	1.4
  @@ -600,6 +600,18 @@
                   conn->double_reverse = 1;
                   return;
               }
  +#if APR_HAVE_IPV6
  +            /* match IPv4-mapped IPv6 addresses with IPv4 A record */
  +            if (conn->remote_addr->sa.sin.sin_family == APR_INET6 &&
  +                sa->sa.sin.sin_family == APR_INET &&
  +                IN6_IS_ADDR_V4MAPPED((struct in6_addr *)conn->remote_addr->ipaddr_ptr)
&&
  +                !memcmp(&((struct in6_addr *)conn->remote_addr->ipaddr_ptr)->s6_addr[12],
  +                        sa->ipaddr_ptr,
  +                        sizeof (((struct in_addr *)0)->s_addr))) {
  +                conn->double_reverse = 1;
  +                return;
  +            }
  +#endif
               sa = sa->next;
           }
       }
  
  
  
  1.141     +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.140
  retrieving revision 1.141
  diff -u -r1.140 -r1.141
  --- CHANGES	2001/03/21 16:24:46	1.140
  +++ CHANGES	2001/03/22 10:03:29	1.141
  @@ -1,5 +1,10 @@
   Changes with Apache 2.0.15-dev
   
  +  *) Fix a major security problem with double-reverse lookup checking.  
  +     Previously, a client connecting over IPv4 would not be matched 
  +     properly when the server had an IPv6 listening socket.  PR #7407
  +     [Taketo Kabe <kiabe@sra-tohoku.co.jp>]
  +
     *) Change the way the beos MPM handles polling to allow it to stop and
        restart.  Problem was the sockets being polled were being reset by
        the select call, so once it had accepted a connection it was no
  
  
  

Mime
View raw message