httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r814847 - in /httpd/httpd/branches/2.2.x: CHANGES modules/proxy/mod_proxy_ftp.c
Date Mon, 14 Sep 2009 20:53:28 GMT
Author: minfrin
Date: Mon Sep 14 20:53:28 2009
New Revision: 814847

URL: http://svn.apache.org/viewvc?rev=814847&view=rev
Log:
Backport 814045
CVE-2009-3095: mod_proxy_ftp sanity check authn credentials.
Submitted by: Stefan Fritsch <sf fritsch.de>, Joe Orton

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=814847&r1=814846&r2=814847&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Sep 14 20:53:28 2009
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.14
 
+  *) CVE-2009-3095: mod_proxy_ftp sanity check authn credentials.
+     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
   *) CVE-2009-3094: mod_proxy_ftp NULL pointer dereference on error paths.
      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
 

Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c?rev=814847&r1=814846&r2=814847&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c Mon Sep 14 20:53:28 2009
@@ -912,6 +912,11 @@
     if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
         && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
         && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
+        /* Check the decoded string for special characters. */
+        if (!ftp_check_string(password)) {
+            return ap_proxyerror(r, HTTP_BAD_REQUEST, 
+                                 "user credentials contained invalid character");
+        } 
         /*
          * Note that this allocation has to be made from r->connection->pool
          * because it has the lifetime of the connection.  The other



Mime
View raw message