Forward port security patch for CAN-2003-0254 from 2.0.

SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
of service when target host is IPv6 but proxy server can't create
IPv6 socket.  Fixed by the reporter.  [Yoshioka Tsuneo
<tsuneo.yoshioka@f-secure.com>]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100516 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 2 insertions, 0 deletions

diff --git a/modules/proxy/proxy_ftp.c b/modules/proxy/proxy_ftp.c
index 279205884e..c38773cb6b 100644
--- a/modules/proxy/proxy_ftp.c
+++ b/modules/proxy/proxy_ftp.c
@@ -957,6 +957,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
 	    if ((rv = apr_socket_create(&sock, connect_addr->family, SOCK_STREAM, r->pool)) != APR_SUCCESS) {
 		ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
 			      "proxy: FTP: error creating socket");
+                connect_addr = connect_addr->next;
 		continue;
 	    }
 
@@ -974,6 +975,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
 #ifndef _OSD_POSIX              /* BS2000 has this option "always on" */
 		ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
 			      "proxy: FTP: error setting reuseaddr option: apr_socket_opt_set(APR_SO_REUSEADDR)");
+                connect_addr = connect_addr->next;
 		continue;
 #endif                          /* _OSD_POSIX */
 	    }