From: Jeff Trawick Date: Thu, 22 Mar 2001 10:03:29 +0000 (+0000) Subject: Fix a major security problem with double-reverse lookup checking. X-Git-Tag: 2.0.15~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa563a6faf0c2cb8a6c5823feed7e321be26d801;p=thirdparty%2Fapache%2Fhttpd.git Fix a major security problem with double-reverse lookup checking. Previously, a client connecting over IPv4 would not be matched properly when the server had an IPv6 listening socket. PR: 7407 Submitted by: Taketo Kabe Reviewed by: Jeff Trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88561 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index b2e3df77f48..b2f3846a759 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ Changes with Apache 2.0.15-dev + *) Fix a major security problem with double-reverse lookup checking. + Previously, a client connecting over IPv4 would not be matched + properly when the server had an IPv6 listening socket. PR #7407 + [Taketo Kabe ] + *) Change the way the beos MPM handles polling to allow it to stop and restart. Problem was the sockets being polled were being reset by the select call, so once it had accepted a connection it was no diff --git a/server/core.c b/server/core.c index f015af4f8d7..c1251a31bb3 100644 --- a/server/core.c +++ b/server/core.c @@ -600,6 +600,18 @@ static APR_INLINE void do_double_reverse (conn_rec *conn) conn->double_reverse = 1; return; } +#if APR_HAVE_IPV6 + /* match IPv4-mapped IPv6 addresses with IPv4 A record */ + if (conn->remote_addr->sa.sin.sin_family == APR_INET6 && + sa->sa.sin.sin_family == APR_INET && + IN6_IS_ADDR_V4MAPPED((struct in6_addr *)conn->remote_addr->ipaddr_ptr) && + !memcmp(&((struct in6_addr *)conn->remote_addr->ipaddr_ptr)->s6_addr[12], + sa->ipaddr_ptr, + sizeof (((struct in_addr *)0)->s_addr))) { + conn->double_reverse = 1; + return; + } +#endif sa = sa->next; } }