Date: Sun, 16 May 2010 23:57:43 -0400 From: "Philip M. Gollucci" <pgollucci@p6m7g8.com> To: apache@freebsd.org Subject: Fwd: svn commit: r943980 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_ftp.c Message-ID: <4BF0BEB7.5010209@p6m7g8.com>
next in thread | raw e-mail | index | archive | help
--------------enig7CB4534CD123FEA7F2696CDB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable -------- Original Message -------- Subject: svn commit: r943980 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_ftp.c Date: Thu, 13 May 2010 19:18:50 -0000 From: trawick@apache.org Reply-To: dev@httpd.apache.org To: cvs@httpd.apache.org Author: trawick Date: Thu May 13 19:18:50 2010 New Revision: 943980 URL: http://svn.apache.org/viewvc?rev=3D943980&view=3Drev Log: merge r814045 from trunk (2.2.x rev 814847): CVE-2009-3095: mod_proxy_ftp sanity check authn credentials. Submitted by: Stefan Fritsch <sf fritsch.de>, Joe Orton Reviewed by: pgollucci, poirier, rjung, trawick Modified: httpd/httpd/branches/2.0.x/CHANGES httpd/httpd/branches/2.0.x/STATUS httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c Modified: httpd/httpd/branches/2.0.x/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=3D943= 980&r1=3D943979&r2=3D943980&view=3Ddiff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original) +++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Thu May 13 19:18:50 2010 @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.64 + *) SECURITY: CVE-2009-3095 (cve.mitre.org) + mod_proxy_ftp: sanity check authn credentials. + [Stefan Fritsch <sf fritsch.de>, Joe Orton] + *) SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. [Stefan Fritsch <sf fritsch.de>, Joe Orton] Modified: httpd/httpd/branches/2.0.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=3D9439= 80&r1=3D943979&r2=3D943980&view=3Ddiff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- httpd/httpd/branches/2.0.x/STATUS (original) +++ httpd/httpd/branches/2.0.x/STATUS Thu May 13 19:18:50 2010 @@ -125,13 +125,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: http://people.apache.org/~fuankg/diffs/httpd-2.0.x-ap_vhost_iterate_given= _conn.diff +1: fuankg, wrowe, pgollucci - * mod_proxy_ftp, CVE-2009-3095, sanity check authn credentials - Patch in 2.2.x branch: - http://svn.apache.org/viewvc?view=3Drevision&revision=3D814847 - Backport: - http://people.apache.org/~trawick/CVE-2009-3095-2.0.txt - +1: pgollucci, poirier, rjung, trawick - * core output filter, CVE-2009-1891, consuming CPU after client disconnects Patch in 2.2.x branch: http://svn.apache.org/viewvc?view=3Drevision&revision=3D791454 Modified: httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/proxy/pro= xy_ftp.c?rev=3D943980&r1=3D943979&r2=3D943980&view=3Ddiff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c (original) +++ httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c Thu May 13 19:18:50 2010 @@ -890,6 +890,11 @@ int ap_proxy_ftp_handler(request_rec *r, if ((password =3D apr_table_get(r->headers_in, "Authorization")) !=3D= NULL && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") =3D=3D= 0 && (password =3D ap_pbase64decode(r->pool, password))[0] !=3D ':= ') { + /* Check the decoded string for special characters. */ + if (!ftp_check_string(password)) { + return ap_proxyerror(r, HTTP_BAD_REQUEST, + "user credentials contained invalid character"); + } /* * Note that this allocation has to be made from r->connection->pool * because it has the lifetime of the connection. The other --------------enig7CB4534CD123FEA7F2696CDB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkvwvrcACgkQdbiP+9ubjBy9oACfRxWsu3hOkfCLvxUmwgFw5OZI FacAn2TQYKp0nVpsEDk9H3aVunAdNAob =rGi0 -----END PGP SIGNATURE----- --------------enig7CB4534CD123FEA7F2696CDB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BF0BEB7.5010209>