Changes with Apache 2.3.3
+ *) ab: Fix broken error messages after resolver or connect() failures.
+ [Jeff Trawick]
+
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
static void test(void)
{
apr_time_t stoptime;
- apr_int16_t rv;
+ apr_int16_t rtnev;
+ apr_status_t rv;
int i;
apr_status_t status;
int snprintf_res = 0;
if (c->state == STATE_UNCONNECTED)
continue;
- rv = next_fd->rtnevents;
+ rtnev = next_fd->rtnevents;
#ifdef USE_SSL
if (c->state == STATE_CONNECTED && c->ssl && SSL_in_init(c->ssl)) {
* connection is done and we loop here endlessly calling
* apr_poll().
*/
- if ((rv & APR_POLLIN) || (rv & APR_POLLPRI) || (rv & APR_POLLHUP))
+ if ((rtnev & APR_POLLIN) || (rtnev & APR_POLLPRI) || (rtnev & APR_POLLHUP))
read_connection(c);
- if ((rv & APR_POLLERR) || (rv & APR_POLLNVAL)) {
+ if ((rtnev & APR_POLLERR) || (rtnev & APR_POLLNVAL)) {
bad++;
err_except++;
/* avoid apr_poll/EINPROGRESS loop on HP-UX, let recv discover ECONNREFUSED */
}
continue;
}
- if (rv & APR_POLLOUT) {
+ if (rtnev & APR_POLLOUT) {
if (c->state == STATE_CONNECTING) {
rv = apr_socket_connect(c->aprsock, destsa);
if (rv != APR_SUCCESS) {