From: Roy T. Fielding Date: Sat, 1 Sep 2007 23:46:55 +0000 (+0000) Subject: mod_proxy_connect: avoid segfault on DNS lookup failure. X-Git-Tag: 2.2.6~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed9ce4071e96c9dd699fed1ec5c27ce24ab155a4;p=thirdparty%2Fapache%2Fhttpd.git mod_proxy_connect: avoid segfault on DNS lookup failure. PR: 40756 Submitted by: Trevin Beattie Reviewed by: Nick Kew, Ruediger Pluem, Jim Jagielski, Roy Fielding Please don't dick with the whitespace while holding up a segfault fix. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@571899 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 6b48ea8910e..b3519fd7eea 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.6 + *) mod_proxy_connect: avoid segfault on DNS lookup failure. + PR 40756 [Trevin Beattie ] + *) mod_proxy: enable Ignore Errors option on ProxyPass Status. PR 43167 [Francisco Gimeno diff --git a/STATUS b/STATUS index 8f3b1855194..563fc274288 100644 --- a/STATUS +++ b/STATUS @@ -175,14 +175,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: trawick says: The new directives should be documented in trunk, so that docs are available for backport at the same time. - * mod_proxy_connect: Fix potential proxy segfault - PR 40756 - http://svn.apache.org/viewvc?view=rev&revision=571414 - http://svn.apache.org/viewvc?view=rev&revision=571863 - http://svn.apache.org/viewvc?view=rev&revision=571869 - http://svn.apache.org/viewvc?view=rev&revision=571879 - +1: jim - * mod_include: Add an "if" directive syntax to test whether an URL is accessible, and if so, conditionally display content. This allows a webmaster to hide a link to a private page when the user diff --git a/modules/proxy/mod_proxy_connect.c b/modules/proxy/mod_proxy_connect.c index eb9b7de77a5..f50b4cb264f 100644 --- a/modules/proxy/mod_proxy_connect.c +++ b/modules/proxy/mod_proxy_connect.c @@ -122,21 +122,26 @@ static int proxy_connect_handler(request_rec *r, proxy_worker *worker, /* do a DNS lookup for the destination host */ err = apr_sockaddr_info_get(&uri_addr, uri.hostname, APR_UNSPEC, uri.port, 0, p); + if (APR_SUCCESS != err) { + return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p, + "DNS lookup failure for: ", + uri.hostname, NULL)); + } /* are we connecting directly, or via a proxy? */ if (proxyname) { - connectname = proxyname; - connectport = proxyport; + connectname = proxyname; + connectport = proxyport; err = apr_sockaddr_info_get(&connect_addr, proxyname, APR_UNSPEC, proxyport, 0, p); } else { - connectname = uri.hostname; - connectport = uri.port; - connect_addr = uri_addr; + connectname = uri.hostname; + connectport = uri.port; + connect_addr = uri_addr; } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: CONNECT: connecting to remote proxy %s on port %d", connectname, connectport); - + /* check if ProxyBlock directive on this host */ if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) { return ap_proxyerror(r, HTTP_FORBIDDEN,