On 05/30/2008 01:49 PM, [EMAIL PROTECTED] wrote:
Author: jorton
Date: Fri May 30 04:49:31 2008
New Revision: 661666
URL: http://svn.apache.org/viewvc?rev=661666&view=rev
Log:
Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)
* modules/proxy/mod_proxy_balancer.c (balancer_init): New function.
(balancer_handler): Place a nonce in the form output, and check that
the submitted form data includes that nonce.
(ap_proxy_balancer_register_hook): Register the new post_config hook.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?rev=661666&r1=661665&r2=661666&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c Fri May 30 04:49:31
2008
@@ -21,9 +21,12 @@
#include "ap_mpm.h"
#include "apr_version.h"
#include "apr_hooks.h"
+#include "apr_uuid.h"
module AP_MODULE_DECLARE_DATA proxy_balancer_module;
+static apr_uuid_t balancer_nonce;
+
static int proxy_balancer_canon(request_rec *r, char *url)
{
char *host, *path;
@@ -619,6 +622,27 @@
}
}
+/* post_config hook: */
+static int balancer_init(apr_pool_t *p, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s)
+{
+ void *data;
+ const char *userdata_key = "mod_proxy_balancer_init";
+
+ /* balancer_init() will be called twice during startup. So, only
+ * set up the static data the second time through. */
+ apr_pool_userdata_get(&data, userdata_key, s->process->pool);
+ if (!data) {
+ apr_pool_userdata_set((const void *)1, userdata_key,
+ apr_pool_cleanup_null, s->process->pool);
+ return OK;
+ }
+
+ apr_uuid_get(&balancer_nonce);
Why don't we do apr_uuid_format already here and store the string directly?
Regards
RĂ¼diger
