Bug 19023 - Multiple ProxyBlock entries will crash Apache
Summary: Multiple ProxyBlock entries will crash Apache
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy (show other bugs)
Version: 2.0.45
Hardware: All All
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-04-15 09:22 UTC by Sami Tikka
Modified: 2004-11-16 19:05 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sami Tikka 2003-04-15 09:22:42 UTC
Set up Apache 2.0.45 or earlier to function as a proxy server.
Block more than one site with the NoProxy directive.
Make the proxy serve a URL which does not match the blocked sites.
Observe Apache die.

The problem was identified to routine ap_proxy_checkproxyblock. It has 3 nested
loops. If the innermost loop is run to completion, uri_addr is set to NULL,
which is then used on the next iteration of the outer loop. The patch below
fixes the problem.

--- proxy_util.c	14 Apr 2003 09:49:53 -0000	1.3
+++ proxy_util.c	14 Apr 2003 14:21:42 -0000	1.4
@@ -1015,10 +1015,12 @@
                              apr_sockaddr_t *uri_addr)
 {
     int j;
+	apr_sockaddr_t * src_uri_addr = uri_addr;
     /* XXX FIXME: conf->noproxies->elts is part of an opaque structure */
     for (j = 0; j < conf->noproxies->nelts; j++) {
         struct noproxy_entry *npent = (struct noproxy_entry *)
conf->noproxies->elts;
         struct apr_sockaddr_t *conf_addr = npent[j].addr;
+		uri_addr = src_uri_addr;
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                      "proxy: checking remote machine [%s] against [%s]",
uri_addr->hostname, npent[j].name);
         if ((npent[j].name && ap_strstr_c(uri_addr->hostname, npent[j].name))
Comment 1 Sami Tikka 2003-04-15 09:29:11 UTC
Err... my mistake... The bug happens when iterating the conf->noproxies table,
which is initialized from ProxyBlock directive, not NoProxy like I claimed
before. Otherwise the previous report is accurate.
Comment 2 Graham Leggett 2003-04-15 16:11:52 UTC
Patch applied to v2.0.46 and v2.1.0