# SECURITY: CVE-2009-3095 (cve.mitre.org)
# mod_proxy_ftp: sanity check authn credentials.
# [Stefan Fritsch , Joe Orton]
# Reviewed by: pgollucci, poirier, rjung, trawick
# Backports: r814045 from trunk
#
# /httpd/httpd/branches/2.0.x/modules/proxy/proxy_ftp.c
#
Index: modules/proxy/proxy_ftp.c
===================================================================
--- modules/proxy/proxy_ftp.c (revision 943979)
+++ modules/proxy/proxy_ftp.c (revision 943980)
@@ -890,6 +890,11 @@
 if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
 && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
 && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
+ /* Check the decoded string for special characters. */
+ if (!ftp_check_string(password)) {
+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
+ "user credentials contained invalid character");
+ }
 /*
 * Note that this allocation has to be made from r->connection->pool
 * because it has the lifetime of the connection. The other
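Review bot: The new comment `/* Check the decoded string for special characters. */` does not say what is rejected or why, and `ftp_check_string` is defined outside this hunk, so a reader cannot tell from here what the guard enforces; suggest `/* Reject decoded credentials that ftp_check_string() flags; presumably they are later embedded verbatim in FTP control-channel commands, where such characters would alter the command stream. */`, trimming the "presumably" once confirmed against the code that sends USER/PASS. The guard is applied only on the Basic `Authorization` path visible here; if credentials can also be supplied via the request URL in code outside this hunk, that path likely needs the same `ftp_check_string` call, otherwise the sanity check is incomplete. The enclosing function starts and ends outside the hunk.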