
apache-2.2.9-12.9mdv2009.0.src.rpm

--- modules/proxy/mod_proxy_ftp.c	2009-09-22 07:20:48.000000000 -0400
+++ modules/proxy/mod_proxy_ftp.c.oden	2009-09-22 07:21:35.000000000 -0400
@@ -880,6 +880,11 @@ static int proxy_ftp_handler(request_rec
     if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
         && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
         && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
+        /* Check the decoded string for special characters. */
+        if (!ftp_check_string(password)) {
+            return ap_proxyerror(r, HTTP_BAD_REQUEST, 
+                                 "user credentials contained invalid character");
+        } 
         /*
          * Note that this allocation has to be made from r->connection->pool
          * because it has the lifetime of the connection.  The other
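Review bot: The new comment above the `ftp_check_string(password)` call says what is checked but not why, and the reason is the security-relevant part. Assuming the decoded `user:password` string is later written into commands on the FTP control connection (that code is outside this hunk), a comment such as `/* Reject CR/LF etc.: these credentials are sent verbatim on the FTP control connection. */` would keep a later refactor from dropping the check. The guard covers only credentials taken from the `Authorization` header, so it is worth confirming that credentials supplied in the request URL pass through the same `ftp_check_string()` elsewhere in the module; `proxy_ftp_handler` starts and ends outside the hunk, and the helper's definition is not visible here. The added lines ending in `HTTP_BAD_REQUEST, ` and `} ` also carry trailing whitespace.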