httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: svn commit: r909323 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_proxy.xml docs/manual/mod/mod_proxy_connect.xml docs/manual/mod/mod_proxy_http.xml include/ap_mmn.h modules/proxy/mod_proxy.h modules/proxy/proxy_util.c
Date Sun, 14 Feb 2010 23:50:00 GMT
On 14.02.2010 17:19, Ruediger Pluem wrote:
> On 12.02.2010 10:58, rjung@apache.org wrote:
>> Author: rjung
>> Date: Fri Feb 12 09:58:48 2010
>> New Revision: 909323
>>
>> URL: http://svn.apache.org/viewvc?rev=909323&view=rev
>> Log:
>> Support remote https proxies by using HTTP CONNECT.
>> PR: 19188
>> Submitted by: Philippe Dutrueux<lilas evidian.com>
>> Reviewed by: rjung
>>
>> Modified:
>>      httpd/httpd/trunk/CHANGES
>>      httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml
>>      httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml
>>      httpd/httpd/trunk/docs/manual/mod/mod_proxy_http.xml
>>      httpd/httpd/trunk/include/ap_mmn.h
>>      httpd/httpd/trunk/modules/proxy/mod_proxy.h
>>      httpd/httpd/trunk/modules/proxy/proxy_util.c
>>
>
>> Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=909323&r1=909322&r2=909323&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
>> +++ httpd/httpd/trunk/modules/proxy/proxy_util.c Fri Feb 12 09:58:48 2010
...
>> +        /* Extract the returned code */
>> +        if (sscanf(buffer, "HTTP/%u.%u %s",&major,&minor, code_str) == 3)
{
>
> Doesn't this introduce a buffer overflow if I am an evil backend and respond
> with e.g. HTTP/1.1 Someeviloverflowlongerthen10chars ?

Thanks RĂ¼diger. Fixed in r910079. I added another fix in r910081
  and one more hardening type change in 910124. Will update the STATUS 
file entry for 2.2.x tomorrow.

Regards,

Rainer



Mime
View raw message