Skip to content
GitLab
Commit 9881400c authored by Joe Orton's avatar Joe Orton
Browse files

Security fix - this is presumed to fix CVE-2009-3094 (the disclosed 

information was limited so this has not been confirmed):

* modules/proxy/mod_proxy_ftp.c (parse_epsv_reply): New function.
  (proxy_ftp_handler): Fix possible NULL pointer deference in
  apr_socket_close(NULL) on error paths.  Fix possible buffer overread
  in EPSV response parser; use parse_epsv_reply instead.  Thanks to
  Jeff Trawick and Stefan Fritsch for analysis of this issue.

Submitted by: Stefan Fritsch <sf fritsch.de>, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814652 13f79535-47bb-0310-9956-ffa450edef68
parent 50324b19
Hide whitespace changes
Inline Side-by-side
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment