Posted to cvs@httpd.apache.org by ni...@apache.org on 2008/06/09 18:41:08 UTC
svn commit: r665755 - in /httpd/httpd/branches/2.2.x: STATUS
modules/proxy/mod_proxy_balancer.c
Author: niq
Date: Mon Jun 9 09:41:08 2008
New Revision: 665755
URL: http://svn.apache.org/viewvc?rev=665755&view=rev
Log:
Backport r663937
Modified:
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_balancer.c
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=665755&r1=665754&r2=665755&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Jun 9 09:41:08 2008
@@ -84,13 +84,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy_balancer: Optimization of fix for CVE-2007-6420.
- Trunk version of patch:
- http://svn.apache.org/viewvc?view=rev&revision=663967
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, jim, niq
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_balancer.c?rev=665755&r1=665754&r2=665755&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_balancer.c Mon Jun 9 09:41:08 2008
@@ -27,7 +27,7 @@
module AP_MODULE_DECLARE_DATA proxy_balancer_module;
-static apr_uuid_t balancer_nonce;
+static char balancer_nonce[APR_UUID_FORMATTED_LENGTH + 1];
static int proxy_balancer_canon(request_rec *r, char *url)
{
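Review bot: `balancer_nonce` has no comment, although after this change it is the stored token that the balancer-manager handler compares against the request. A one-line comment above the declaration would help, for example `/* Formatted UUID used as the balancer-manager anti-CSRF nonce; written once by balancer_init(). */`. As a static buffer it is an empty string until balancer_init() formats it. The comment could state that, because the handler compares it with strcmp(); whether a request can be handled before that point is not visible in this hunk.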
@@ -597,6 +597,7 @@
{
void *data;
const char *userdata_key = "mod_proxy_balancer_init";
+ apr_uuid_t uuid;
/* balancer_init() will be called twice during startup. So, only
* set up the static data the second time through. */
@@ -607,7 +608,10 @@
return OK;
}
- apr_uuid_get(&balancer_nonce);
+ /* Retrieve a UUID and store the nonce for the lifetime of
+ * the process. */
+ apr_uuid_get(&uuid);
+ apr_uuid_format(balancer_nonce, &uuid);
return OK;
}
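Review bot: The token that gates state-changing balancer-manager requests is taken from `apr_uuid_get(&uuid)`, and a UUID is specified for uniqueness rather than unpredictability. Depending on how APR obtains UUIDs on a given platform, parts of the value may derive from time or host identifiers, which would weaken it as a secret. This is an inference, since the generator is not visible here. Consider filling the token from `apr_generate_random_bytes()` and hex-encoding it, or at least extend the new comment with `/* NOTE: the CSRF check relies on apr_uuid_get() being unpredictable. */`. The start of balancer_init() lies outside this hunk.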
@@ -625,9 +629,6 @@
int access_status;
int i, n;
const char *name;
- char nonce[APR_UUID_FORMATTED_LENGTH + 1];
-
- apr_uuid_format(nonce, &balancer_nonce);
/* is this for us? */
if (strcmp(r->handler, "balancer-manager"))
@@ -661,7 +662,7 @@
/* Check that the supplied nonce matches this server's nonce;
* otherwise ignore all parameters, to prevent a CSRF attack. */
if ((name = apr_table_get(params, "nonce")) == NULL
- || strcmp(nonce, name) != 0) {
+ || strcmp(balancer_nonce, name) != 0) {
apr_table_clear(params);
}
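Review bot: When the nonce is missing or wrong, `apr_table_clear(params)` discards the request's parameters silently, so a rejected cross-site request leaves nothing for an operator to detect. Consider logging before the clear, and only when parameters were actually supplied, so that plain page views stay quiet: `if (!apr_is_empty_table(params)) ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "balancer-manager: parameters ignored, nonce missing or invalid");`. The surrounding handler begins and ends outside this hunk.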
@@ -796,7 +797,7 @@
ap_rvputs(r, "<tr>\n<td><a href=\"", r->uri, "?b=",
balancer->name + sizeof("balancer://") - 1, "&w=",
ap_escape_uri(r->pool, worker->name),
- "&nonce=", nonce,
+ "&nonce=", balancer_nonce,
"\">", NULL);
ap_rvputs(r, worker->name, "</a></td>", NULL);
ap_rvputs(r, "<td>", ap_escape_html(r->pool, worker->s->route),
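Review bot: The worker link places the token in the query string (`"&nonce=", balancer_nonce`), so it will appear in access logs and browser history, and possibly in a Referer header if the page leads to another origin. Because balancer_init() keeps one nonce for the lifetime of the process, a value leaked this way stays valid until restart. Selecting a worker through a POST form with the nonce in a hidden field would keep it out of URLs. If the link stays, a comment such as `/* nonce is exposed in the URL; restrict access to balancer-manager accordingly */` would record the trade-off.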
@@ -860,8 +861,8 @@
ap_rvputs(r, "<input type=hidden name=\"b\" ", NULL);
ap_rvputs(r, "value=\"", bsel->name + sizeof("balancer://") - 1,
"\">\n</form>\n", NULL);
- ap_rvputs(r, "<input type=hidden name=\"nonce\" value=\"", nonce, "\">\n",
- NULL);
+ ap_rvputs(r, "<input type=hidden name=\"nonce\" value=\"",
+ balancer_nonce, "\">\n", NULL);
ap_rputs("<hr />\n", r);
}
ap_rputs(ap_psignature("",r), r);
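Review bot: The hidden `nonce` input is written after the form is closed: the preceding `ap_rvputs` ends its output with `"\">\n</form>\n"`, and only then is the nonce field emitted. A browser will most likely not submit a field that sits outside the form, in which case the handler's nonce check clears the parameters and the form's changes are ignored. Ending the value line with `"\">\n"` and emitting `ap_rputs("</form>\n", r);` after the nonce input would put the field inside the form. The opening of the form is outside this hunk, so which form is affected should be confirmed against the full function.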