Subject: svn commit: r798943 - in /httpd/httpd/trunk: CHANGES support/ab.c
Date: Wed, 29 Jul 2009 15:15:38 -0000
To: cvs@httpd.apache.org
From: trawick@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090729151539.0B92B23888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: trawick Date: Wed Jul 29 15:15:38 2009 New Revision: 798943 URL: http://svn.apache.org/viewvc?rev=798943&view=rev Log: ab: Fix broken error messages after resolver or connect() failures. The APR error code was truncated because ab used an incorrect data type. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/support/ab.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=798943&r1=798942&r2=798943&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jul 29 15:15:38 2009 @@ -2,6 +2,9 @@ Changes with Apache 2.3.3 + *) ab: Fix broken error messages after resolver or connect() failures. + [Jeff Trawick] + *) SECURITY: CVE-2009-1890 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a Modified: httpd/httpd/trunk/support/ab.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=798943&r1=798942&r2=798943&view=diff ============================================================================== --- httpd/httpd/trunk/support/ab.c (original) +++ httpd/httpd/trunk/support/ab.c Wed Jul 29 15:15:38 2009 @@ -1548,7 +1548,8 @@ static void test(void) { apr_time_t stoptime; - apr_int16_t rv; + apr_int16_t rtnev; + apr_status_t rv; int i; apr_status_t status; int snprintf_res = 0; @@ -1719,7 +1720,7 @@ if (c->state == STATE_UNCONNECTED) continue; - rv = next_fd->rtnevents; + rtnev = next_fd->rtnevents; #ifdef USE_SSL if (c->state == STATE_CONNECTED && c->ssl && SSL_in_init(c->ssl)) { 
@@ -1740,9 +1741,9 @@ * connection is done and we loop here endlessly calling * apr_poll(). */ - if ((rv & APR_POLLIN) || (rv & APR_POLLPRI) || (rv & APR_POLLHUP)) + if ((rtnev & APR_POLLIN) || (rtnev & APR_POLLPRI) || (rtnev & APR_POLLHUP)) read_connection(c); - if ((rv & APR_POLLERR) || (rv & APR_POLLNVAL)) { + if ((rtnev & APR_POLLERR) || (rtnev & APR_POLLNVAL)) { bad++; err_except++; /* avoid apr_poll/EINPROGRESS loop on HP-UX, let recv discover ECONNREFUSED */ @@ -1754,7 +1755,7 @@ } continue; } - if (rv & APR_POLLOUT) { + if (rtnev & APR_POLLOUT) { if (c->state == STATE_CONNECTING) { rv = apr_socket_connect(c->aprsock, destsa); if (rv != APR_SUCCESS) {
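Review bot: The CHANGES entry in the first hunk names only the symptom ("broken error messages after resolver or connect() failures"). The log message also gives the cause, an APR error code truncated by an incorrect data type, and a short mention of that in the entry would tell readers why the reported messages were wrong.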
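Review bot: In the declarations hunk at the top of test(), the new `apr_status_t rv;` sits two lines above the existing `apr_status_t status;`, so the function now has two status variables with no indication of which one is meant for what. Consider storing the apr_socket_connect() result in `status`, or declaring `rtnev` inside the poll loop next to `rtnev = next_fd->rtnevents;`, so that the 16-bit event mask and the status code are kept visibly apart and the same mix-up is harder to reintroduce.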
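Review bot: Style point on the `@@ -1740,9 +1741,9 @@` hunk: since both conditions are being touched anyway, the repeated tests on `rtnev` could each be a single mask test, for example `if (rtnev & (APR_POLLIN | APR_POLLPRI | APR_POLLHUP))` and `if (rtnev & (APR_POLLERR | APR_POLLNVAL))`. That is equivalent to the chained `||` form and makes it easier to see which events lead to read_connection() and which are counted in `bad` and `err_except`.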