On 14.02.2010 17:19, Ruediger Pluem wrote:
On 12.02.2010 10:58, [email protected] wrote:
Author: rjung
Date: Fri Feb 12 09:58:48 2010
New Revision: 909323
URL: http://svn.apache.org/viewvc?rev=909323&view=rev
Log:
Support remote https proxies by using HTTP CONNECT.
PR: 19188
Submitted by: Philippe Dutrueux<lilas evidian.com>
Reviewed by: rjung
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml
httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml
httpd/httpd/trunk/docs/manual/mod/mod_proxy_http.xml
httpd/httpd/trunk/include/ap_mmn.h
httpd/httpd/trunk/modules/proxy/mod_proxy.h
httpd/httpd/trunk/modules/proxy/proxy_util.c
Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=909323&r1=909322&r2=909323&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/trunk/modules/proxy/proxy_util.c Fri Feb 12 09:58:48 2010
...
+ /* Extract the returned code */
+ if (sscanf(buffer, "HTTP/%u.%u %s",&major,&minor, code_str) == 3) {
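Review bot: the %s conversion in the sscanf() format has no maximum field width, so whatever token follows the version in buffer is copied into code_str with no bound, and a long token writes past the end of it. Give the conversion a width one less than the size of code_str (its declaration is not in the lines shown) and check that the result is a numeric status before it is used.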
Doesn't this introduce a buffer overflow if I am an evil backend and respond
with e.g. HTTP/1.1 Someeviloverflowlongerthen10chars ?
Thanks Rüdiger. Fixed in r910079. I added another fix in r910081
and one more hardening type change in 910124. Will update the STATUS
file entry for 2.2.x tomorrow.
Regards,
Rainer
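
The overflow raised in this thread, and one bounded way to parse the status line of a reply to CONNECT, as an added example. It is not the httpd code and not the content of r910079, r910081 or r910124; the function name parse_connect_status, the three-character buffer and the sample replies are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STATUS_DIGITS 3

/* Hypothetical helper, not httpd code: parse "HTTP/x.y NNN ..." from an
 * untrusted reply to CONNECT. Returns the status (100..599) or -1. */
static int parse_connect_status(const char *line)
{
    unsigned int major, minor;
    char code_str[STATUS_DIGITS + 1];
    char next = ' ';
    int n, code;

    /* Every conversion has a maximum width: %3s stores at most three
     * characters plus the NUL, so it cannot write past code_str.
     * %c picks up the character after the token, if there is one. */
    n = sscanf(line, "HTTP/%4u.%4u %3s%c", &major, &minor, code_str, &next);
    if (n < 3)
        return -1;                      /* not an HTTP status line */
    if (n == 4 && !isspace((unsigned char)next))
        return -1;                      /* token longer than three chars */
    if (strlen(code_str) != STATUS_DIGITS)
        return -1;                      /* token shorter than three chars */
    for (size_t i = 0; i < STATUS_DIGITS; i++)
        if (!isdigit((unsigned char)code_str[i]))
            return -1;                  /* not a number */
    code = (code_str[0] - '0') * 100 + (code_str[1] - '0') * 10
         + (code_str[2] - '0');
    return (code >= 100 && code <= 599) ? code : -1;
}

int main(void)
{
    /* Constructed sample replies; the second is the one from the mail. */
    const char *samples[] = {
        "HTTP/1.1 200 Connection established\r\n",
        "HTTP/1.1 Someeviloverflowlongerthen10chars",
        "HTTP/1.1 2000 OK",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", parse_connect_status(samples[i]));
    return 0;
}
```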