c : cvs@httpd.apache.org 12 September 2009 • 5:49AM -0400

svn commit: r814045 - /httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c
by jorton

Author: jorton
Date: Fri Sep 11 21:49:50 2009
New Revision: 814045

URL: http://svn.apache.org/viewvc?rev=814045&view=rev
Log:
Security fix - this is presumed to fix CVE-2009-3095 (the disclosed
information was limited so this has not been confirmed):

* modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler): Fail if the
  decoded Basic credentials contain "special" characters.
  Thanks to Stefan Fritsch for analysis of this issue.

Modified:
    httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?rev=814045&r1=814044&r2=814045&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c Fri Sep 11 21:49:50 2009
@@ -968,6 +968,11 @@
     if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
         && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
         && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
+        /* Check the decoded string for special characters. */
+        if (!ftp_check_string(password)) {
+            return ap_proxyerror(r, HTTP_BAD_REQUEST,
+                                 "user credentials contained invalid character");
+        }
         /*
          * Note that this allocation has to be made from r->connection->pool
          * because it has the lifetime of the connection.  The other
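Review bot: ftp_check_string() is applied to the whole decoded "user:password" string, but the function itself is not in this hunk, so the patch alone does not show which characters it rejects. For the fix to do what the log message claims it must at least reject CR and LF (mod_proxy_ftp puts these credentials on CRLF-terminated USER and PASS command lines) and must still allow ':', because the split into user and password happens after this check. Two caveats worth a comment or a test case: ap_pbase64decode() returns a NUL-terminated string, so a NUL byte in the base64 payload truncates the credential before the check sees anything after it; and the check only runs in this branch, i.e. when the decoded string does not start with ':', which is fine only because that case is already skipped. It would also help operators if the comment above the call, or the error string, named the rejected character set, since "user credentials contained invalid character" alone does not say what was refused.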

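The check the commit describes, written out as an added example: this is not httpd code and not the ftp_check_string() the patch calls (that function is not shown on this page). It decodes a Basic Authorization header value and refuses the credential before it would be split into user and password if it contains a character that could break out of an FTP command line. The rejected character set (CR, LF, other C0 control characters, DEL, and an embedded NUL) is an assumption, and all header values below are constructed.

```c
/* Added example (not httpd code): validate HTTP Basic credentials before
 * they are reused as FTP USER/PASS arguments.  The rejected character set
 * is an assumption; httpd's ftp_check_string() is not shown on this page. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode standard base64 into out (NUL-terminated).  Returns the number of
 * decoded bytes, or -1 on an invalid character or insufficient space. */
int b64_decode(const char *in, char *out, size_t outlen)
{
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;

    for (; *in && *in != '='; in++) {
        int v = b64_val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n + 1 >= outlen) return -1;
            out[n++] = (char)((acc >> bits) & 0xff);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* 1 if s can be placed on an FTP command line without terminating it;
 * 0 otherwise.  CR and LF end the command line, so they are the essential
 * rejects; other C0 controls and DEL are rejected as a conservative
 * assumption. */
int ftp_credential_ok(const char *s)
{
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == '\r' || c == '\n') return 0;
        if (c < 0x20 || c == 0x7f) return 0;
    }
    return 1;
}

/* Parse an Authorization header value the way a proxy would before sending
 * USER/PASS.  Returns 1 and fills user/pass when accepted, 0 when rejected
 * because of an invalid character, -1 when it is not usable Basic auth
 * (wrong scheme, bad base64, empty user, or buffers too small). */
int check_basic_header(const char *hdr, char *user, size_t ulen,
                       char *pass, size_t plen)
{
    char decoded[256];
    const char *colon;
    size_t ul, pl;
    int n;

    if (strncasecmp(hdr, "Basic ", 6) != 0) return -1;
    hdr += 6;
    while (*hdr == ' ') hdr++;

    n = b64_decode(hdr, decoded, sizeof decoded);
    if (n < 0) return -1;
    if (decoded[0] == ':') return -1;           /* empty user name: not usable */
    if ((size_t)n != strlen(decoded)) return 0; /* embedded NUL would silently truncate */
    if (!ftp_credential_ok(decoded)) return 0;  /* check before splitting, as the commit does */

    colon = strchr(decoded, ':');
    if (colon == NULL) return -1;
    ul = (size_t)(colon - decoded);
    pl = strlen(colon + 1);
    if (ul >= ulen || pl >= plen) return -1;
    memcpy(user, decoded, ul); user[ul] = '\0';
    memcpy(pass, colon + 1, pl); pass[pl] = '\0';
    return 1;
}

/* Convenience wrapper with static buffers so results can be inspected. */
char last_user[64], last_pass[64];
int classify_header(const char *hdr)
{
    last_user[0] = last_pass[0] = '\0';
    return check_basic_header(hdr, last_user, sizeof last_user,
                              last_pass, sizeof last_pass);
}

int main(void)
{
    /* Constructed header values: "user:pass", "ali\r\nce:pw", "user\0:pass", ":pass". */
    const char *samples[] = { "Basic dXNlcjpwYXNz", "Basic YWxpDQpjZTpwdw==",
                              "Basic dXNlcgA6cGFzcw==", "Basic OnBhc3M=", "Bearer abc" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %d\n", samples[i], classify_header(samples[i]));
    return 0;
}
```

The order matters: the credential is validated as one string right after decoding, mirroring where the commit places its call, so a CR or LF hidden in either the user or the password part is refused before anything is built into a command line. The length comparison against strlen() is the extra check the C-string interface needs, since a NUL produced by base64 decoding would otherwise cut the credential short without any error.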
