-*- coding: utf-8 -*-
Changes with Apache 2.2.7
+ *) SECURITY: CVE-2007-6421 (cve.mitre.org)
+ mod_proxy_balancer: Correctly escape the worker route and the worker
+ redirect string in the HTML output of the balancer manager.
+ Reported by SecurityReason. [Ruediger Pluem]
+
*) mod_ldap: Try to establish a new backend LDAP connection when the
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g. after the
LDAP server has closed the connection due to a timeout.
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy_balancer: Correctly escape the worker route and the worker
- redirect string in the HTML output of the balancer manager.
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=607275&view=rev
- http://svn.apache.org/viewvc?rev=607403&view=rev (CVE number added
- to CHANGES entry)
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, niq, wrowe
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
ap_escape_uri(r->pool, worker->name),
"\">", NULL);
ap_rvputs(r, worker->name, "</a></td>", NULL);
- ap_rvputs(r, "<td>", worker->s->route, NULL);
- ap_rvputs(r, "</td><td>", worker->s->redirect, NULL);
+ ap_rvputs(r, "<td>", ap_escape_html(r->pool, worker->s->route),
+ NULL);
+ ap_rvputs(r, "</td><td>",
+ ap_escape_html(r->pool, worker->s->redirect), NULL);
ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset);
if (worker->s->status & PROXY_WORKER_DISABLED)
ap_rputs("<tr><td>LB Set:</td><td><input name=\"ls\" type=text ", r);
ap_rprintf(r, "value=\"%d\"></td></tr>\n", wsel->s->lbset);
ap_rputs("<tr><td>Route:</td><td><input name=\"wr\" type=text ", r);
- ap_rvputs(r, "value=\"", wsel->s->route, NULL);
+ ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->route),
+ NULL);
ap_rputs("\"></td></tr>\n", r);
ap_rputs("<tr><td>Route Redirect:</td><td><input name=\"rr\" type=text ", r);
- ap_rvputs(r, "value=\"", wsel->s->redirect, NULL);
+ ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->redirect),
+ NULL);
ap_rputs("\"></td></tr>\n", r);
ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r);
if (wsel->s->status & PROXY_WORKER_DISABLED)