[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-cvs
Subject: svn commit: r739620 - /httpd/httpd/trunk/server/core.c
From: covener () apache ! org
Date: 2009-01-31 21:16:51
Message-ID: 20090131211652.203EA2388979 () eris ! apache ! org
[Download RAW message or body]
Author: covener
Date: Sat Jan 31 21:16:51 2009
New Revision: 739620
URL: http://svn.apache.org/viewvc?rev=739620&view=rev
Log:
Provide a hint when we see what looks like an SSL record when we're
expecting a plain-text request line.
Submitted by: Dan Poirer <poirier pobox.com>
Reviwed by: covener
Modified:
httpd/httpd/trunk/server/core.c
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=739620&r1=739619&r2=739620&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sat Jan 31 21:16:51 2009
@@ -3673,8 +3673,19 @@
}
else { /* unusual method (not GET or POST) */
if (r->method_number == M_INVALID) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Invalid method in request %s", r->the_request);
+ /* See if this looks like an undecrypted SSL handshake attempt.
+ * It's safe to look a couple bytes into the_request if it exists, as \
it's + * always allocated at least MIN_LINE_ALLOC (80) bytes.
+ */
+ if (r->the_request
+ && r->the_request[0] == 0x16
+ && (r->the_request[1] == 0x2 || r->the_request[1] == 0x3)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Invalid method in request %s - possible attempt to \
establish SSL connection on non-SSL port", r->the_request); + } else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Invalid method in request %s", r->the_request);
+ }
return HTTP_NOT_IMPLEMENTED;
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic