From: Thom May <thommay@apache.org>
Date: Thu, 17 Jul 2003 16:05:51 +0000 (+0000)
Subject: Fix ProxyPass for ftp requests - the original code was segfaulting since
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=393f284956d9f018c1ab9454f6489c54ec71f77c;p=thirdparty%2Fapache%2Fhttpd.git

Fix ProxyPass for ftp requests - the original code was segfaulting since
many of the values were not being filled out in the request_rec.

PR: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=57316
Submitted by: Tollef Fog Heen <tfheen@debian.org>, Thom May
Reviewed by: Andre' Malo


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@100671 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/CHANGES b/src/CHANGES
index 581f315c855..614b9e8914f 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 1.3.29
 
+  *) Fix ProxyPass for ftp requests - the original code was segfaulting since 
+     many of the values were not being filled out in the request_rec.
+     [Tollef Fog Heen <tfheen@debian.org, Thom May]
+
 Changes with Apache 1.3.28
 
   *) SECURITY: CAN-2003-0460 (cve.mitre.org)
diff --git a/src/modules/proxy/proxy_ftp.c b/src/modules/proxy/proxy_ftp.c
index 87042c74543..e74835832db 100644
--- a/src/modules/proxy/proxy_ftp.c
+++ b/src/modules/proxy/proxy_ftp.c
@@ -547,13 +547,14 @@ static int ftp_cleanup_and_return(request_rec *r, BUFF *ctrl, BUFF *data, int cs
  */
 int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url)
 {
-    char *host, *path, *strp, *parms;
+    char *desthost, *path, *strp, *parms;
+    char *strp2;
     char *cwd = NULL;
     char *user = NULL;
 /*    char *account = NULL; how to supply an account in a URL? */
     const char *password = NULL;
     const char *err;
-    int port, i, j, len, rc, nocache = 0;
+    int destport, i, j, len, rc, nocache = 0;
     int csd = 0, sock = -1, dsock = -1;
     struct sockaddr_in server;
     struct hostent server_hp;
@@ -562,6 +563,8 @@ int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url)
     BUFF *ctrl = NULL;
     BUFF *data = NULL;
     pool *p = r->pool;
+    char *destportstr = NULL;
+    const char *urlptr = NULL;
     int one = 1;
     NET_SIZE_T clen;
     char xfer_type = 'A';       /* after ftp login, the default is ASCII */
@@ -593,17 +596,34 @@ int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url)
 
 /* We break the URL into host, port, path-search */
 
-    host = r->parsed_uri.hostname;
-    port = (r->parsed_uri.port != 0)
-        ? r->parsed_uri.port
-        : ap_default_port_for_request(r);
-    path = ap_pstrdup(p, r->parsed_uri.path);
-    if (path == NULL)
-        path = "";
-    else
-        while (*path == '/')
-            ++path;
+    urlptr = strstr(url, "://");
+    if (urlptr == NULL)
+        return HTTP_BAD_REQUEST;
+    urlptr += 3;
+    destport = 21;
+    strp = strchr(urlptr, '/');
+    if (strp == NULL) {
+        desthost = ap_pstrdup(p, urlptr);
+        urlptr = "/";
+    }
+    else {
+        char *q = ap_palloc(p, strp - urlptr + 1);
+        memcpy(q, urlptr, strp - urlptr);
+        q[strp - urlptr] = '\0';
+        urlptr = strp;
+        desthost = q;
+    }
 
+    strp2 = strchr(desthost, ':');
+    if (strp2 != NULL) {
+        *(strp2++) = '\0';
+        if (ap_isdigit(*strp2)) {
+            destport = atoi(strp2);
+            destportstr = strp2;
+        }
+    }
+    path = strchr(urlptr, '/')+1;
+    
     /*
      * The "Authorization:" header must be checked first. We allow the user
      * to "override" the URL-coded user [ & password ] in the Browsers'
@@ -643,25 +663,25 @@ int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url)
     }
 
     /* check if ProxyBlock directive on this host */
-    destaddr.s_addr = ap_inet_addr(host);
+    destaddr.s_addr = ap_inet_addr(desthost);
     for (i = 0; i < conf->noproxies->nelts; i++) {
         if (destaddr.s_addr == npent[i].addr.s_addr ||
             (npent[i].name != NULL &&
-          (npent[i].name[0] == '*' || strstr(host, npent[i].name) != NULL)))
+          (npent[i].name[0] == '*' || strstr(desthost, npent[i].name) != NULL)))
             return ap_proxyerror(r, HTTP_FORBIDDEN,
                                  "Connect to remote machine blocked");
     }
 
-    ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: connect to %s:%d", host, port);
+    ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: connect to %s:%d", desthost, destport);
 
-    parms = strchr(path, ';');
+    parms = strchr(url, ';');
     if (parms != NULL)
         *(parms++) = '\0';
 
     memset(&server, 0, sizeof(struct sockaddr_in));
     server.sin_family = AF_INET;
-    server.sin_port = htons((unsigned short)port);
-    err = ap_proxy_host2addr(host, &server_hp);
+    server.sin_port = htons((unsigned short)destport);
+    err = ap_proxy_host2addr(desthost, &server_hp);
     if (err != NULL)
         return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
 
@@ -1293,7 +1313,7 @@ int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url)
             if (destaddr.s_addr == ncent[i].addr.s_addr ||
                 (ncent[i].name != NULL &&
                  (ncent[i].name[0] == '*' ||
-                  strstr(host, ncent[i].name) != NULL))) {
+                  strstr(desthost, ncent[i].name) != NULL))) {
                 nocache = 1;
                 break;
             }