On 12.02.2010 10:58, [email protected] wrote: > Author: rjung > Date: Fri Feb 12 09:58:48 2010 > New Revision: 909323 > > URL: http://svn.apache.org/viewvc?rev=909323&view=rev > Log: > Support remote https proxies by using HTTP CONNECT. > PR: 19188 > Submitted by: Philippe Dutrueux <lilas evidian.com> > Reviewed by: rjung > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml > httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml > httpd/httpd/trunk/docs/manual/mod/mod_proxy_http.xml > httpd/httpd/trunk/include/ap_mmn.h > httpd/httpd/trunk/modules/proxy/mod_proxy.h > httpd/httpd/trunk/modules/proxy/proxy_util.c >
> Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=909323&r1=909322&r2=909323&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/proxy/proxy_util.c (original) > +++ httpd/httpd/trunk/modules/proxy/proxy_util.c Fri Feb 12 09:58:48 2010 > @@ -29,6 +29,18 @@ > @@ -2250,6 +2290,83 @@ > } > #endif /* USE_ALTERNATE_IS_CONNECTED */ > > + > +/* > + * Send a HTTP CONNECT request to a forward proxy. > + * The proxy is given by "backend", the target server > + * is contained in the "forward" member of "backend". > + */ > +static apr_status_t send_http_connect(proxy_conn_rec *backend, > + server_rec *s) > +{ > + int status; > + apr_size_t nbytes; > + char buffer[HUGE_STRING_LEN]; > + forward_info *forward = (forward_info *)backend->forward; > + int len = 0; > + > + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, > + "proxy: CONNECT: sending the CONNECT request for %s:%d " > + "to the remote proxy %pI (%s)", > + forward->target_host, forward->target_port, > + backend->addr, backend->hostname); > + /* Create the CONNECT request */ > + nbytes = apr_snprintf(buffer, sizeof(buffer), > + "CONNECT %s:%d HTTP/1.0" CRLF, > + forward->target_host, forward->target_port); > + /* Add proxy authorization from the initial request if necessary */ > + if (forward->proxy_auth != NULL) { > + nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes, > + "Proxy-Authorization: %s" CRLF, > + forward->proxy_auth); > + } > + /* Set a reasonable agent and send everything */ > + nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes, > + "Proxy-agent: %s" CRLF CRLF, > + ap_get_server_banner()); > + apr_socket_send(backend->sock, buffer, &nbytes); > + > + /* Receive the whole CONNECT response */ > + nbytes = sizeof(buffer) - 1; > + status = apr_socket_recv(backend->sock, buffer, &nbytes); > + while (status == APR_SUCCESS) { > + len += nbytes; > + buffer[len] = '\0'; > + if (strstr(buffer, "\r\n\r\n") != NULL) { > + break; > + } > + nbytes = sizeof(buffer) - 1 - len; > + status = apr_socket_recv(backend->sock, buffer + len, &nbytes); > + } > + > + /* Check for HTTP_OK response status */ > + if (status == APR_SUCCESS) { > + int major, minor; > + char code_str[10]; > + > + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, > + "send_http_connect: response from the forward proxy: > %s", > + buffer); > + > + /* Extract the returned code */ > + if (sscanf(buffer, "HTTP/%u.%u %s", &major, &minor, code_str) == 3) { Doesn't this introduce a buffer overflow if I am an evil backend and respond with e.g. HTTP/1.1 Someeviloverflowlongerthen10chars ? Regards RĂ¼diger
