From: Ruediger Pluem Date: Tue, 5 Aug 2008 19:03:38 +0000 (+0000) Subject: Merge r682868 from trunk: X-Git-Tag: 2.0.64~133 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b32623949f5be02be2ba399603cb25bcf80ef7d0;p=thirdparty%2Fapache%2Fhttpd.git Merge r682868 from trunk: * Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7. CVE: CVE-2008-2939 Submitted by: rpluem Reviewed by: rpluem, mjc, jim, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@682871 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index fa17f8d4afc..cb171e8d4ca 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.64 + *) SECURITY: CVE-2008-2939 (cve.mitre.org) + mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of + the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem] Changes with Apache 2.0.63 diff --git a/modules/proxy/proxy_ftp.c b/modules/proxy/proxy_ftp.c index 3cf6d31fbb5..3053c44748b 100644 --- a/modules/proxy/proxy_ftp.c +++ b/modules/proxy/proxy_ftp.c @@ -382,6 +382,7 @@ apr_status_t ap_proxy_send_dir_filter(ap_filter_t *f, apr_bucket_brigade *in) c->bucket_alloc)); } if (wildcard != NULL) { + wildcard = ap_escape_html(p, wildcard); APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard, strlen(wildcard), p, c->bucket_alloc));