Commit aafa7afb authored by Jeff Trawick

Fix a major security problem with double-reverse lookup checking.

Previously, a client connecting over IPv4 would not be matched
properly when the server had an IPv6 listening socket.

PR:	      7407
Submitted by: Taketo Kabe <kiabe@sra-tohoku.co.jp>
Reviewed by:  Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88561 13f79535-47bb-0310-9956-ffa450edef68
parent 7058d09e
+5 −0
Changes with Apache 2.0.15-dev

  *) Fix a major security problem with double-reverse lookup checking.  
     Previously, a client connecting over IPv4 would not be matched 
     properly when the server had an IPv6 listening socket.  PR #7407
     [Taketo Kabe <kiabe@sra-tohoku.co.jp>]

  *) Change the way the beos MPM handles polling to allow it to stop and
     restart.  Problem was the sockets being polled were being reset by
     the select call, so once it had accepted a connection it was no
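Review bot: The new CHANGES entry says an IPv4 client "would not be matched properly" but does not say which way the double-reverse check went wrong, and it never names the IPv4-mapped IPv6 address case that the code change handles. For an item labelled a major security problem, state the observable effect on the check and the triggering condition (IPv4 client arriving on an IPv6 listening socket as a mapped address) so administrators can tell whether their hostname-based rules were affected.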
+12 −0
@@ -600,6 +600,18 @@ static APR_INLINE void do_double_reverse (conn_rec *conn)
                conn->double_reverse = 1;
                return;
            }
#if APR_HAVE_IPV6
            /* match IPv4-mapped IPv6 addresses with IPv4 A record */
            if (conn->remote_addr->sa.sin.sin_family == APR_INET6 &&
                sa->sa.sin.sin_family == APR_INET &&
                IN6_IS_ADDR_V4MAPPED((struct in6_addr *)conn->remote_addr->ipaddr_ptr) &&
                !memcmp(&((struct in6_addr *)conn->remote_addr->ipaddr_ptr)->s6_addr[12],
                        sa->ipaddr_ptr,
                        sizeof (((struct in_addr *)0)->s_addr))) {
                conn->double_reverse = 1;
                return;
            }
#endif
            sa = sa->next;
        }
    }
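Review bot: In the added `#if APR_HAVE_IPV6` block, the mapped IPv4 bytes are located with a bare `s6_addr[12]` and the cast `(struct in6_addr *)conn->remote_addr->ipaddr_ptr` is written out twice inside one condition. Hoist the cast into a local `struct in6_addr *` and derive or comment the offset, for example `sizeof(struct in6_addr) - sizeof(struct in_addr)`, so the 12 is not a magic number. The family test reads `conn->remote_addr->sa.sin.sin_family` and compares it with `APR_INET6`, which relies on the family field sitting at the same place in the IPv4 and IPv6 sockaddr layouts; a one-line comment saying so would help the next reader. The length `sizeof (((struct in_addr *)0)->s_addr)` would also read more plainly as `sizeof(struct in_addr)`.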