httpd-cvs mailing list archives

From mar...@apache.org
Subject cvs commit: apache-1.3/src/main http_core.c
Date Fri, 15 Feb 2002 11:32:35 GMT
martin      02/02/15 03:32:34

  Modified:    src      CHANGES
               src/main http_core.c
  Log:
  [Security] Prevent invalid client hostnames from appearing in
  the log file. If a double-reverse lookup was performed (e.g.,
  for an "Allow from .my.domain" directive) but failed, then
  a spoofed dns-reverse-address could appear in the logs. Now
  the numeric address is logged instead. Note that
  reverse-address-spoofing did NOT actually allow access
  to any protected resource! It was only possible to cause apache to
  log arbitrary names (for resources protected thusly) if you had
  control over the reverse dns zone.
  
  Revision  Changes    Path
  1.1774    +8 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1773
  retrieving revision 1.1774
  diff -u -r1.1773 -r1.1774
  --- CHANGES	13 Feb 2002 05:35:02 -0000	1.1773
  +++ CHANGES	15 Feb 2002 11:32:33 -0000	1.1774
  @@ -1,5 +1,13 @@
   Changes with Apache 1.3.24
   
  +  *) [Security] Prevent invalid client hostnames from appearing in
  +     the log file. If a double-reverse lookup was performed (e.g.,
  +     for an "Allow from .my.domain" directive) but failed, then
  +     a spoofed dns-reverse-address could appear in the logs. Now
  +     the numeric address is logged instead. Note that
  +     reverse-address-spoofing did NOT actually allow access
  +     to any protected resource!  [Martin Kraemer]
  +
     *) Some browsers ignore cookies that have been merged into a
        single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
        are now unmerged in the http proxy before being sent to the
  
  
  
  1.304     +16 -3     apache-1.3/src/main/http_core.c
  
  Index: http_core.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v
  retrieving revision 1.303
  retrieving revision 1.304
  diff -u -r1.303 -r1.304
  --- http_core.c	16 Jan 2002 21:34:32 -0000	1.303
  +++ http_core.c	15 Feb 2002 11:32:34 -0000	1.304
  @@ -619,6 +619,19 @@
   
   
   /* Code from Harald Hanche-Olsen <hanche@imf.unit.no> */
  +/* Note: the function returns its result in conn->double_reverse:
  + *       +1: forward lookup of the previously reverse-looked-up
  + *           hostname in conn->remote_host succeeded, and at
  + *           least one of its IP addresses matches the client.
  + *       -1: forward lookup of conn->remote_host failed, or
  + *           none of the addresses found matches the client connection
  + *           (possible DNS spoof in the reverse zone!)
  + *       If do_double_reverse() returns -1, then it also invalidates
  + *       conn->remote_host to prevent an invalid name from appearing
  + *       in the log files. Conn->remote_host is set to "", because
  + *       a setting of NULL would allow another reverse lookup,
  + *       depending on the flags given to ap_get_remote_host().
  + */
   static ap_inline void do_double_reverse (conn_rec *conn)
   {
       struct hostent *hptr;
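Review bot: The added comment says "If do_double_reverse() returns -1", but the function is declared `void` and reports only through `conn->double_reverse`. The -1 case as described also leaves out the early exit taken when no reverse-resolved name exists at all (the `remote_host == NULL || remote_host[0] == '\0'` branch in the next hunk). I would reword the sentence to `If conn->double_reverse is set to -1, conn->remote_host is also set to ""` and add `or no reverse-resolved hostname was available` to the -1 list. The function body continues outside this hunk.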
  @@ -630,6 +643,7 @@
       if (conn->remote_host == NULL || conn->remote_host[0] == '\0') {
   	/* single reverse failed, so don't bother */
   	conn->double_reverse = -1;
  +        conn->remote_host = ""; /* prevent another lookup */
   	return;
       }
       hptr = gethostbyname(conn->remote_host);
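Review bot: After this change `conn->remote_host` is left as `""` rather than NULL on both failure paths (this early exit and the end of the function in the following hunk), so any reader that tests only `conn->remote_host != NULL` would treat the empty string as a resolved name. The consumers of the field are not visible in this diff; presumably log and access modules go through ap_get_remote_host(), but anything reading the field directly should test `conn->remote_host[0] != '\0'` as well. A short comment on the assignment such as `/* "" = lookup done and failed; NULL = not yet attempted */` would make the sentinel explicit. The added line is also indented with spaces where its neighbours use a tab.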
  @@ -645,6 +659,8 @@
   	}
       }
       conn->double_reverse = -1;
  +    /* invalidate possible reverse-resolved hostname if forward lookup fails */
  +    conn->remote_host = "";
   }
   
   API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
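Review bot: The mismatch is discarded silently here: once `conn->remote_host` is set to `""`, nothing records that a reverse name failed forward verification, which is the signal an operator would want for spotting a spoofed reverse zone. Consider an error-log entry at a low level that names only the numeric address, so the unverified name still stays out of the logs, e.g. `ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, conn->server, "double-reverse DNS check failed for %s", conn->remote_ip);`. Whether this path runs once per connection depends on code above the hunk that is not shown, so the log volume should be checked first.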
  @@ -683,9 +699,6 @@
   	   
   	    if (hostname_lookups == HOSTNAME_LOOKUP_DOUBLE) {
   		do_double_reverse(conn);
  -		if (conn->double_reverse != 1) {
  -		    conn->remote_host = NULL;
  -		}
   	    }
   	}
   	/* if failed, set it to the NULL string to indicate error */
  
  
  
