ASF Bugzilla – Attachment 32698 Details for
Bug 57832
Reduction of response splitting attacks consequences in mod_proxy
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch for trunk
httpd-trunk-mod_proxy-is_socket_connected-v2.patch (text/plain), 3.84 KB, created by
Yann Ylavic
on 2015-04-29 21:18:44 UTC
(
hide
)
Description:
Proposed patch for trunk
Filename:
MIME Type:
Creator:
Yann Ylavic
Created:
2015-04-29 21:18:44 UTC
Size:
3.84 KB
patch
obsolete
>Index: modules/proxy/mod_proxy.h >=================================================================== >--- modules/proxy/mod_proxy.h (revision 1676716) >+++ modules/proxy/mod_proxy.h (working copy) >@@ -1054,7 +1054,7 @@ APR_DECLARE_OPTIONAL_FN(int, ap_proxy_clear_connec > > /** > * @param socket socket to test >- * @return TRUE if socket is connected/active >+ * @return 1/2 if socket is connected/readable, 0 otherwise > */ > PROXY_DECLARE(int) ap_proxy_is_socket_connected(apr_socket_t *socket); > >Index: modules/proxy/mod_proxy_ajp.c >=================================================================== >--- modules/proxy/mod_proxy_ajp.c (revision 1676716) >+++ modules/proxy/mod_proxy_ajp.c (working copy) >@@ -787,7 +787,7 @@ static int proxy_ajp_handler(request_rec *r, proxy > /* Handle CPING/CPONG */ > if (worker->s->ping_timeout_set) { > if (worker->s->ping_timeout < 0) { >- if (!ap_proxy_is_socket_connected(backend->sock)) { >+ if (ap_proxy_is_socket_connected(backend->sock) != 1) { > backend->close = 1; > ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(02534) > "socket check failed to %pI (%s)", >Index: modules/proxy/mod_proxy_http.c >=================================================================== >--- modules/proxy/mod_proxy_http.c (revision 1676716) >+++ modules/proxy/mod_proxy_http.c (working copy) >@@ -2154,7 +2154,7 @@ static int proxy_http_handler(request_rec *r, prox > * backend's socket/connection is reused (ie. no Step Three). > */ > if (worker->s->ping_timeout_set && worker->s->ping_timeout < 0 && >- !ap_proxy_is_socket_connected(backend->sock)) { >+ ap_proxy_is_socket_connected(backend->sock) != 1) { > backend->close = 1; > ap_log_rerror(APLOG_MARK, APLOG_INFO, status, r, APLOGNO(02535) > "socket check failed to %pI (%s)", >Index: modules/proxy/proxy_util.c >=================================================================== >--- modules/proxy/proxy_util.c (revision 1676716) >+++ modules/proxy/proxy_util.c (working copy) >@@ -2509,7 +2509,7 @@ PROXY_DECLARE(int) ap_proxy_is_socket_connected(ap > status = apr_socket_recvfrom(&unused, socket, APR_MSG_PEEK, > &buf[0], &len); > if (status == APR_SUCCESS && len) >- return 1; >+ return 2; > else > return 0; > } >@@ -2539,6 +2539,9 @@ PROXY_DECLARE(int) ap_proxy_is_socket_connected(ap > || APR_STATUS_IS_ECONNRESET(socket_status)) { > return 0; > } >+ else if (socket_status == APR_SUCCESS && buffer_len) { >+ return 2; >+ } > else { > return 1; > } >@@ -2709,11 +2712,18 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const > (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module); > > if (conn->sock) { >- if (!(connected = ap_proxy_is_socket_connected(conn->sock))) { >+ if ((connected = ap_proxy_is_socket_connected(conn->sock)) != 1) { > socket_cleanup(conn); >- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951) >- "%s: backend socket is disconnected.", >- proxy_function); >+ if (!connected) { >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951) >+ "%s: backend socket is disconnected.", >+ proxy_function); >+ } >+ else { >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO() >+ "%s: backend socket is not empty!", >+ proxy_function); >+ } > } > } > while ((backend_addr || conn->uds_path) && !connected) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 57832
:
32685
| 32698 |
32734
|
32735
|
32740