httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r739620 - /httpd/httpd/trunk/server/core.c
Date Sat, 31 Jan 2009 21:16:51 GMT
Author: covener
Date: Sat Jan 31 21:16:51 2009
New Revision: 739620

URL: http://svn.apache.org/viewvc?rev=739620&view=rev
Log:
Provide a hint when we see what looks like an SSL record when we're
expecting a plain-text request line.

Submitted by: Dan Poirer <poirier pobox.com>
Reviwed by: covener


Modified:
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=739620&r1=739619&r2=739620&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sat Jan 31 21:16:51 2009
@@ -3673,8 +3673,19 @@
     }
     else {              /* unusual method (not GET or POST) */
         if (r->method_number == M_INVALID) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "Invalid method in request %s", r->the_request);
+            /* See if this looks like an undecrypted SSL handshake attempt.
+             * It's safe to look a couple bytes into the_request if it exists, as it's
+             * always allocated at least MIN_LINE_ALLOC (80) bytes.
+             */
+            if (r->the_request
+                && r->the_request[0] == 0x16                                
+                && (r->the_request[1] == 0x2 || r->the_request[1] == 0x3))
{
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s - possible attempt to establish
SSL connection on non-SSL port", r->the_request);
+            } else {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s", r->the_request);
+            }
             return HTTP_NOT_IMPLEMENTED;
         }
 



Mime
View raw message