CVE-2009-3095: mod_proxy_ftp sanity check authn credentials.
Submitted by: Stefan Fritsch <sf fritsch.de>, Joe Orton
Reviewed by: pgollucci, poirier, rjung, trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@943980
13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.0.64
+ *) SECURITY: CVE-2009-3095 (cve.mitre.org)
+ mod_proxy_ftp: sanity check authn credentials.
+ [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
http://people.apache.org/~fuankg/diffs/httpd-2.0.x-ap_vhost_iterate_given_conn.diff
+1: fuankg, wrowe, pgollucci
- * mod_proxy_ftp, CVE-2009-3095, sanity check authn credentials
- Patch in 2.2.x branch:
- http://svn.apache.org/viewvc?view=revision&revision=814847
- Backport:
- http://people.apache.org/~trawick/CVE-2009-3095-2.0.txt
- +1: pgollucci, poirier, rjung, trawick
-
* core output filter, CVE-2009-1891, consuming CPU after client disconnects
Patch in 2.2.x branch:
http://svn.apache.org/viewvc?view=revision&revision=791454
if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
&& strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
&& (password = ap_pbase64decode(r->pool, password))[0] != ':') {
+ /* Check the decoded string for special characters. */
+ if (!ftp_check_string(password)) {
+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
+ "user credentials contained invalid character");
+ }
/*
* Note that this allocation has to be made from r->connection->pool
* because it has the lifetime of the connection. The other
projects / thirdparty / apache / httpd.git / commitdiff
